Request processing steps
Microgateway request processing steps

Microgateway receives HTTP/HTTPS requests and forwards them to the back-end service. Finally, the back-end creates a HTTP/HTTPS response, which the Microgateway sends to the requesting client.

During this process, many steps are being processed by Airlock Microgateway. Generally they can be separated into the Request processing and Response processing tasks.

Microgateway-manual-request-processing-steps
Request processing
 
Response processing
  • 1.
    TLS handshake
    • Present TLS server certificate
    • Check client certificate (optional)
  • 2.
    Establish session handling (optional)
  • 3.
    JWT validation (optional)
    • JWT validation
    • Role extraction from JWT
    • Client-ID extraction from JWT
  • 4.
    Authentication enforcement (optional)
  • 5.
    Path and parameter validation
    • Parameter normalization and character encoding
    • Check URL encryption (optional)
  • 6.
    Policy enforcement
  • 7.
  • 8.
    Request enrichment
    • Add cookies from cookie store
    • Decrypt protected cookies
    • Add headers from header store
    • SSO credential propagation
    • Add environment cookies
  • 9.
    Send request to back-end
 

For every request the filtering engine writes a log message with the "log_id":"WR-SG-SUMMARY". Even without going through the Response processing steps.