CR AccessControl

Airlock Microgateway can be configured to perform authorization, authentication and identity propagation using the CR AccessControl. For session handling, access control requires a Microgateway Session Agent setup with a Redis database. See also the article Microgateway Session Agent.

 
Risk

Currently, only basic OpenID Connect (OIDC) support is available for testing purposes. Future Airlock Microgateway releases will add configuration options for use in production environments.

 
Notice

This CR needs to be referenced in the CR SidecarGateway.

Prerequisites

  • Licensed module for Access control.
  • Airlock IAM or another OIDC provider for OIDC authentication.
  • A Redis database configured for session handling.

Example configuration

For the default configuration and an example configuration, see the CR AccessControl reference documentation.

About the example configuration:

  • The CR OIDCRelyingParty specifies how the Airlock Microgateway Engine interacts with an OpenID Provider (OP) to authenticate the user.
  • The CR IdentityPropagation specifies how the identity of the authenticated user is propagated from the Microgateway Engine to the back-end.