Planning configuration contexts

The use of configuration contexts requires thorough planning and careful configuration. The following content guides you through those two stages.

Step 1 - Determine the configuration context

For every HTTP request sent to Airlock IAM (e.g. an answer to an authentication request), the active configuration context is determined in order to select the corresponding configuration.

The configuration context is determined by evaluating the current HTTP request using the configured context extractor plugin(s).

There are several context extractor plugins. Custom context extractor plugins can be written if required.

Example plugins:

| Plugin Name | Description |
|---|---|
| URL Context Extractor | Determines the configuration context by matching the URL (as seen by the browser; including the domain) against a list of configured rules. Note that for the Loginapp UI, the considered request URLs are the ones on the REST requests sent to the server and not the URLs displayed in the browser's address bar. |
| IP Address Context Extractor | Determines the configuration context by matching the client (browser) IP address against a list of configured rules. |
| Client Certificate Context Extractor | Determines the configuration context by matching information from a client certificate (mutual SSL) against a list of configured rules. |
| HTTP Parameter Context Extractor | Determines the configuration context by matching an HTTP parameter against a list of configured rules. For this extractor to work, the IAM server must be able to extract the HTTP parameter from the HTTP request. The parameter can be part of the URL (GET request with query parameters) or be available as POST request data, but not as part of a JSON body. The usage of this extractor for the Loginapp REST API is therefore limited to GET requests with query parameters. This extractor will not work with the Loginapp UI since the Loginapp UI does not forward parameters. |
| Static Context Extractor | Uses a statically configured context. |

There are plugins combining several of the above methods: Combining Context Extractor and Concatenating Context Extractor.

To get a full list of existing context extractor plugins, please open the Config Editor and add a new context extractor plugin.

Step 2 - Context-dependent configuration

  • Every configuration property may be defined differently for each configuration context.
  • If no context-specific value is configured for a given context, the default context value is used.

Thus, only the values that are really context-dependent – these are typically very few – must be configured for each context. All the rest of the configuration is defined only once.
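
The two steps above as a small Python model, added here as an example (it is not Airlock IAM code or configuration): a request is mapped to a context by URL rules or by an HTTP parameter, then every property falls back to the default context value. The rule patterns, the parameter name tenant, the context and property names, and the choice to return the default context when no rule matches are assumptions of this model.

```python
import re
from urllib.parse import urlsplit, parse_qs

DEFAULT = "default"

# Constructed rules for illustration; the first matching rule wins (assumption).
URL_RULES = [
    (re.compile(r"^https://partner\.example\.com/"), "partner"),
    (re.compile(r"^https://[^/]+/auth/admin/"), "admin"),
]
PARAM_NAME = "tenant"                      # hypothetical parameter name
PARAM_RULES = {"acme": "partner"}          # parameter value -> context

# Only the context-dependent values are listed per context (Step 2).
CONFIG = {
    "session.timeout_minutes": {DEFAULT: 30, "admin": 10},
    "login.mfa_required": {DEFAULT: False, "admin": True, "partner": True},
    "ui.language": {DEFAULT: "en"},
}

def url_context(url):
    """Match the full request URL (including the domain) against the rules."""
    for pattern, context in URL_RULES:
        if pattern.search(url):
            return context
    return DEFAULT  # assumption of this model: no match means default context

def param_context(method, url, content_type=None, body=""):
    """Read the parameter from the query string or form-encoded POST data.

    A parameter carried in a JSON body is never seen, which is why this
    kind of extractor is limited to GET query parameters for a REST API.
    """
    values = parse_qs(urlsplit(url).query).get(PARAM_NAME)
    is_form = (content_type or "").startswith("application/x-www-form-urlencoded")
    if not values and method == "POST" and is_form:
        values = parse_qs(body).get(PARAM_NAME)
    # Only rule-matched values select a context; anything else is default.
    return PARAM_RULES.get(values[0], DEFAULT) if values else DEFAULT

def resolve(prop, context):
    """Context-specific value if configured, otherwise the default value."""
    values = CONFIG[prop]
    return values.get(context, values[DEFAULT])

def effective_config(context):
    """The complete configuration as seen by one context."""
    return {prop: resolve(prop, context) for prop in CONFIG}
```

Comparing effective_config() for each context against the intended policy is a quick way to spot a property that silently falls back to the default value.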