Airlock Microgateway 3.X for Airlock IAM configuration
Notice
The IAM Loginapp must be placed behind an Airlock Gateway or Airlock Microgateway. It is configured as back-end application that is allowed to authenticate sessions.
Notice
Each of the Airlock IAM modules (i.e. Loginapp or Adminapp) may be used with a single Airlock Microgateway mapping.
However, multiple mappings are required in the following situations:
- Two or three mappings are required if the Airlock Microgateway's API Enforcement feature is used to protect IAM's Loginapp REST API (enhances security).
- Two mappings are required if client certificate authentication is mixed with form-based authentication in one virtual host (domain).
Procedure-related prerequisites
- For compatibility to Airlock IAM release versions, see Compatibility with Airlock Microgateway.
- Airlock Microgateway mappings must be available as separate files for each mapping.
Download the required Microgateway mappings
Airlock Microgateway version | Airlock IAM version | Mapping template |
|---|---|---|
3.0 and newer | 7.7 and newer |
Notice
CSRF token protection of Airlock Microgateway:
- The gateway CSRF token protection is activated on all Loginapp REST Mappings.
- This may require small changes to your single-page application to handle possible CSRF Blocks. If this is not possible, the CSRF protection on these mappings can be disabled to return to the previous behavior.
Microgateway DSL
- Open the Microgateway DSL in the preferred Editor
- add a mapping name
- add a
mapping_template_file - add
api_security.openapi - add
api_security.openapi.spec_file - The mapping is loaded and validated against the openapi specification provided
Example
The following code sample shows an excerpt from a Microgateway DSL: