Example: Authenticate HTTP request with JWT

Use-Case:

  • The HTTP client sends a token, e.g. a JSON Web Token (JWT) in a header to authenticate the client
  • Airlock Gateway/IAM use the one-shot flow to validate the token and extract user information from it
  • Airlock IAM may optionally perform lookup in the user directory (LDAP, DB, ...) to perform additional checks or add more information

Configuration hints:

  • Credential Extractor: use plugin HTTP Header Token Extractor (as SSO Credential)
    • Header Name: e.g.  “Authorization”
    • Decoder: e.g. “JWT Ticket Decoder”
    • the ticket decoder, such as JWT Ticket Decoder
    • all other properties according to the plugin documentation
  • Authenticator: plugin “Lookup and Accept Authenticator” may be used to look-up the user in the directory

Further information and links