Airlock Gateway (WAF) provides several authentication flows (see mapping configuration):
Type | Main Usage | Description |
|---|---|---|
Redirect | Web application | Redirect browser to login page (denied access URL) if role missing on mapping. |
One-shot | REST clients | If role missing on mapping, temporarily stop request in Airlock Gateway (WAF) and send HTTP header to IAM (denied access URL) for inspection. |
One-Shot with body | REST clients | Same as One-shot but with HTTP body sent to IAM. |
Note that the one-shot requests are only sent from Airlock Gateway (WAF) to IAM if the required role(s) are missing on the mapping.