Loginapp (module) in the Config Editor

This chapter describes the features of the Loginapp module and how to configure and use them.

The Loginapp module provides the Loginapp UI web interface and Loginapp REST API for interacting with the end-user and Airlock IAM. It provides APIs and web UIs for authentication, self-services, and it authorizes users to access target applications.

Loginapp UI login form example for a configured Loginapp REST API basic authentication flow:

Main features

The IAM Loginapp features:
Web and REST interface for user authentication-related and self-services.
Adaptable web application for all kinds of authentication flows.
Adaptable application for numerous self-services.
Providing high-security for the much-exposed login application.
Single sign-on (SSO), federation, and identity propagation.
End-point to interact with the Airlock Gateway.

Loginapp REST API vs. Loginapp UI configuration

The Loginapp REST API configuration defines what services are available and their behavior. The Loginapp UI is based entirely on the REST API. The Loginapp UI's configuration defines only UI-relevant and web browser-related aspects of the application.

Some examples are given below to further illustrate the difference in what aspects are to be configured.

Loginapp REST API configuration:
Available services such as authentication flows, self-service flows, etc.
Authorization and access conditions.
Infrastructure services such as database connections, SMS providers, 2nd-factor integration, etc.
List of languages accepted by the REST API.
List of target applications/services with allowed entry URLs, required roles, and identity propagation.

Loginapp UI configuration:
Defines whether the Loginapp UI is available or not.
Configures details on specific pages (e.g. show a forgot password link on the login page or not).
Specifies whether certain buttons (e.g. Cancel or Goto) are visible or not.
How to interpret browser URIs to extract the display language or determine the ID of the target application.
Defines where to redirect the browser to after flows are completed or have been canceled.

Summary of technical facts

The following is a brief list of technical facts of the Airlock IAM Loginapp.

Name	Value	Description and links
Module name	`loginapp`	The Loginapp can be enabled or disabled using the application parameters property `iam.modules.`
Configuration root	Loginapp	The Loginapp is a top-level element in the configuration.
URL (internal)	`/auth-login`/	The internal URL of the Loginapp is defined by the application parameter `iam.loginapp.url.path` and defaults to /`<instance-name>-login/`.
URL (external)	/auth/	The external URL of the Loginapp is defined in the Airlock Gateway mapping. The indicated value is the default entry path of the mapping template.