Airlock Gateway supports different types of authentication flows:
- Redirect: the browser is redirected to access Airlock IAM for authentication.
- One-Shot: the browser is not redirected for authentication.
Please refer to the Airlock Gateway documentation for further information.
Related information can also be found in Interaction models for authentication.
Topic | One-Shot | Redirect | Remarks |
---|---|---|---|
Unauthenticated POST requests | The browser directly receives a 401 response and knows that the data is not processed. The browser re-sends the data after acquiring the Kerberos ticket. No data is lost. | The browser receives a redirect and thinks the data is processed (but it is not). POST data is lost. | POST requests contain data the client wants to send to the server. The kind and amount of data differ depending on the web application. For a ticketing web application, that could be a comment on a ticket. An unauthenticated POST request could occur if a user starts to write a comment in a ticketing system, goes for lunch, the session times out, and after lunch the user submits the comment. |
Multi-Factor Authentication | Only client certificates can be used as 2nd factor. | All 2nd factors are possible. | |
Other Self-Services or intermediate pages | No interactive elements are possible. | Possibility to add terms of service, token migrations, or other steps before the user is finally redirected to the target application. | |
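
The "Unauthenticated POST requests" row, modelled as an added example (not Airlock code and not part of the original documentation): a toy gateway and browser that trace what happens to the POST body in each flow. The `/login` path, the 303 status code, the ticket string and the sample comment are constructed assumptions.

```python
from dataclasses import dataclass, field

LOGIN = "/login"  # hypothetical login path, not an Airlock IAM URL

@dataclass
class Request:
    method: str
    path: str
    body: bytes = b""
    headers: dict = field(default_factory=dict)

class Gateway:
    """Toy gateway; one instance stands in for one browser session."""
    def __init__(self, flow):
        self.flow = flow            # "one-shot" or "redirect"
        self.authenticated = False
        self.stored = []            # POST bodies that reached the application

    def handle(self, req):
        """Return (status, headers) for one request."""
        if self.flow == "one-shot":
            if req.headers.get("Authorization", "").startswith("Negotiate "):
                self.authenticated = True   # ticket validation is simulated
            if not self.authenticated:
                return 401, {"WWW-Authenticate": "Negotiate"}
        elif req.path.startswith(LOGIN):
            self.authenticated = True       # interactive login is simulated
            return 303, {"Location": req.path.split("next=", 1)[1]}
        elif not self.authenticated:
            return 303, {"Location": f"{LOGIN}?next={req.path}"}
        if req.method == "POST":
            self.stored.append(req.body)
        return 200, {}

def submit(flow, path, body, max_hops=5):
    """Model the browser: retry on 401 with the body, follow redirects with GET."""
    gw, req, trace = Gateway(flow), Request("POST", path, body), []
    for _ in range(max_hops):
        status, headers = gw.handle(req)
        trace.append((req.method, req.path, status))
        if status == 401 and headers.get("WWW-Authenticate") == "Negotiate":
            # Same method and body again, now with a (constructed) ticket.
            req = Request(req.method, req.path, req.body,
                          {"Authorization": "Negotiate CONSTRUCTED-TICKET"})
        elif status == 303:
            # Redirects are followed with GET; the original body is dropped.
            req = Request("GET", headers["Location"])
        else:
            break
    return trace, gw.stored

if __name__ == "__main__":
    for flow in ("one-shot", "redirect"):
        print(flow, *submit(flow, "/ticket/42/comment", b"comment=back+from+lunch"))
```

In the redirect trace the only POST is the one answered with a redirect, so an access log showing an unauthenticated POST followed by GETs to the login page and back marks a submission whose body never reached the application.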