Protecting Airlock IAM with separate Microgateways and shared session store

This setup uses separate Microgateways for each protected service and for Airlock IAM. As a consequence, the different Microgateway deployments are independent. If service 1 must be reconfigured, Microgateways for other services are unaffected. SSO state is synchronized using a common Redis database.

Characteristics of setup

  • Similar to the setup Separate Microgateway for each service, so the same arguments apply here.
  • Separate Microgateway for Airlock IAM and each service.
  • Roles are set using the Airlock Control API. On the Microgateway protecting Airlock IAM, roles must be whitelisted using the expert settings "RolesWhitelist.*".
  • Each Microgateway is connected to the same Redis service for SSO state synchronization, as described in section Session handling.