Authentication flow for IAM as OAuth or OIDC client configuration

Procedure-related prerequisites

  • You need to be logged in to the Airlock IAM Adminapp and be able to access the Config Editor.
  • An OAuth or OIDC client configuration must be available.

Configure a target application

  1. Go to:
     Loginapp >> Applications and Authentication
  2. Create a Target Application plugin in the Default Application or Applications setting.
  3. Go to:
     Target Application
     and configure the plugin:
     • Application ID: Set an identifier for the application. This identifier will be referenced by other configurations.
  4. Create an Authentication Flow plugin in the Authentication Flow setting.

  Airlock IAM is configured with a target application and is ready for the configuration of the authentication flow.

Configure an authentication flow

  1. Go to:
     Target Application >> Authentication Flow
  2. Create an OAuth 2.0 SSO Step in the Steps setting.
  3. Go to:
     OAuth 2.0 SSO Step
  4. As Provider Identifier, select one of the previously configured providers.

  Airlock IAM is configured with an authentication flow that will use a remote authorization server for authentication.

Identity propagation option

  1. In the target application, go to:
     Authentication Flow
  2. Configure a plugin in the Identity Propagation setting that meets the requirements of the target application.

  After the successful completion of the authentication flow, Airlock IAM will propagate the configured attributes to the target application.

  Example: A Generic Identity Propagation plugin with the following settings configures identity propagation to deliver the access token to the target application:

    • Ticket Adder: Request Header Ticket Adder
    • Ticket String Provider: Template-Based String Provider
      • Value Provider: OAuth 2.0 Tokens Map
      • Template: Bearer ${access_token}
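The identity propagation example above, modelled as an added Python illustration. This is not Airlock IAM code: it only shows what the Template-Based String Provider and Request Header Ticket Adder settings amount to, i.e. rendering `Bearer ${access_token}` from the tokens map and placing the result in a request header for the target application. The token map contents other than `access_token`, the header name and the function names are assumptions; the token values are constructed.

```python
"""Model of the template-based identity propagation configured above.

Added illustration, not Airlock IAM's implementation. The token map keys
other than access_token, the Authorization header name and the helper
names are assumptions made for this example.
"""
from string import Template

# Constructed sample tokens map, as an OAuth 2.0 SSO Step might hand it to
# the identity propagation plugin after a successful flow (made-up values).
SAMPLE_TOKENS = {
    "access_token": "eyJhbGciOiJSUzI1NiJ9.constructed.sample",
    "refresh_token": "constructed-refresh-token",  # assumed extra key
}


def render_ticket(template: str, tokens: dict) -> str:
    """Render the Template-Based String Provider value from the tokens map.

    Fails closed: a placeholder with no matching token raises instead of
    forwarding an incomplete credential, and CR/LF in the rendered value is
    rejected because the value is destined for an HTTP header.
    """
    try:
        value = Template(template).substitute(tokens)
    except KeyError as exc:
        raise ValueError(f"template references missing token {exc}") from exc
    if "\r" in value or "\n" in value:
        raise ValueError("rendered ticket must not contain CR or LF")
    return value


def propagate_identity(tokens: dict,
                       template: str = "Bearer ${access_token}",
                       header: str = "Authorization") -> dict:
    """Return the header a Request Header Ticket Adder would add to the
    request forwarded to the target application."""
    return {header: render_ticket(template, tokens)}


if __name__ == "__main__":
    print(propagate_identity(SAMPLE_TOKENS))
```

The placeholder syntax `${access_token}` matches Python's `string.Template`, which is why no custom parser is needed; the two checks in `render_ticket` are the ones worth keeping in mind when a template renders straight into a header value.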
Persistency-less option

  1. In the target application, go to:
     Authentication Flow
  2. In Security Settings, enable the Persistency-less option.

  Airlock IAM will accept credentials from the remote authorization server without validating a local user account.