Mapping for one-shot authentication

Gateway target application/service mapping

 
Notice

The first part of this article is about the mapping of the protected target application / service. For IAM mapping, see IAM mapping.

The following form fields need to be configured to activate one-shot authentication on a Airlock Gateway mapping:

Basic tab, Application section:

  • Check if the application requires session handling. If not, Session handling can be set to Sessionless.

Access tab:

  • Access restrictions >> Restricted to Roles: Restrict access to the desired role(s). For example, serviceAbc
  • Authentication flow: Choose One-Shot.
  • Denied access URL : Enter
    • /rest/public/authentication/one-shot/applications/{application id} (flow-based one-shot authentication)
    • /auth/login-oneshot (authenticator-based one-shot authentication)

IAM mapping

To allow one-shot requests on Airlock IAM, the corresponding allow rule must be enabled on the IAM mapping:

See Airlock Gateway for Airlock IAM configuration for further information on the IAM mapping configuration.