Comparison of gateway integration features

With the introduction of the Microgateway 4.0 the communication between IAM and Microgateway 4.X is migrated from a proprietary protocol based on Env Cookies and CAPI (Control API) to HTTP Headers.

The following table gives an overview of the features that are currently supported by different versions of Gateway and Microgateway:

Feature

Gateway

Microgateway 3.X

Microgateway 4.X

Client IP

Icon - ON
Icon - ON
Icon - ON

URL (as seen by the client)

Icon - ON
Icon - ON
Icon - ON

TLS Client Cert information

Icon - ON
Icon - ON
Icon - ON

Request ID

Icon - ON
Icon - ON
Icon - ON

Session ID

Icon - ON
Icon - ON

Cookie handling

  • Cookie Store
  • Cookie passthrough
Icon - ON
Icon - ON

Session management

  • Session termination
  • Idle time and lifetime of sessions
  • Force new Session ID
  • Renegotiate TLS
Icon - ON
Icon - ON

Roles and roles expiration

  • Not authorized redirect of client
  • Idle time and lifetime of roles
Icon - ON
Icon - ON

Identity propagation

Icon - ON
Icon - ON

Mapping templates with IAM specific security settings

Icon - ON
Icon - ON

Helm chart with IAM specific security settings

Icon - ON

CSRF protection

Icon - ON
Icon - ON
Icon - ON

OpenAPI specification enforcement

Icon - ON
Icon - ON

API Policy and rate limiting

Icon - ON
Icon - ON