Mapping for one-shot authentication
Gateway target application/service mapping
Notice
The first part of this article is about the mapping of the protected target application / service. For IAM mapping, see IAM mapping.
The following form fields need to be configured to activate one-shot authentication on a Airlock Gateway mapping:
Basic tab, Application section:
- Check if the application requires session handling. If not, Session handling can be set to
Sessionless
.
Access tab:
- Access restrictions >> Restricted to Roles: Restrict access to the desired role(s). For example,
serviceAbc
- Authentication flow: Choose
One-Shot
. - Denied access URL : Enter
/rest/public/authentication/one-shot/applications/{application id}
(flow-based one-shot authentication)/auth/login-oneshot
(authenticator-based one-shot authentication)
IAM mapping
To allow one-shot requests on Airlock IAM, the corresponding allow rule must be enabled on the IAM mapping:
See Airlock Gateway for Airlock IAM configuration for further information on the IAM mapping configuration.