The following use cases are good examples of what configuration contexts were designed for.
- Common properties of recommended use cases
- The configuration context can be extracted from every HTTP request (and not selected requests).
- Context extraction should result in the same context for all URIs within an IAM instance (e.g. login page, check-login URL, OAuth endpoints, etc.). Exception: Use-Case marked with *.
- Very similar configuration for each configuration context.
Use case | Description / Example | Recommendations / Remarks |
---|---|---|
RU1: Internal/External Access | Employees access the same protected applications/services internally ("internal access") and from the internet ("external access"). Internal access requires single-factor authentication but external access requires strong authentication. |
Context Extractors for this use-case: URL Context Extractor, IP Address Context Extractor. |
RU2: Multiple Similar Tenants | IAM is used for multiple tenants that are very similar. Tenants e.g. only differ in the name of the user table (or directory tree). |
Context Extractors for this use-case: URL Context Extractor. |
RU3: Client-Certificate (X.509) dependent Configuration | Users are authenticated using client certificates (X.509) used in the TLS handshake and the configuration is slightly different depending on the certificate. Examples:
|
Context Extractors for this use case: Client Certificate Context Extractor |
RU4: Testing/Demoing | Try out or demonstrate different variants of a feature while keeping most of the configuration constant. For example, different features may be selected by URL and can be shown/tested without configuration change or just by changing the context. |
Context Extractors for this use-case: URL Context Extractor, Static Context Extractor. |
Combined Use-Cases | Use cases may be combined using extractors that process multiple other context extractors. Example: Evaluate both the domain (multiple tenants) and the client IP address (internal/external access) to determine the context. Example: Evaluate first the domain to set and use a configuration context. If the domain does not determine the configuration context, evaluate the client IP address to determine a configuration context. |
Context Extractors for this use-case: Combining Context Extractor, Concatenating Context Extractor. |