Identity Propagation

IBM® Application Gateway (IAG) can be configured to pass asserted identity information to downstream applications. This identity information is inserted as HTTP headers of the forwarded request and can contain:

  1. Basic Authentication (BA) information;
  2. the IP address of the client which originated the request;
  3. attributes from the user credential;
  4. the cookie for the user session;
  5. a signed JSON Web Token (JWT);
  6. a WebSphere LTPA single sign-on token;
  7. a Kerberos single sign-on token;
  8. an externally provided username/password for basic authentication (BA);
  9. an externally provided username/password for forms-based authentication.

Identity Information

Detailed information on configuring the identity information to be passed to a resource server is available from the Identity Headers YAML reference.

Basic Authentication

The basic_auth configuration entry controls how the IAG manages the Authorization header. The three available options are documented in the identity_headers#basic_auth YAML reference.

IP Address

The ip_address boolean configuration entry controls whether the IP address of the client which originated the request will be included in the request which is sent to the resource server. The IP address will be added as the 'iv-remote-address' HTTP header.

User Attributes

The attributes configuration entry is used to specify the list of user attributes which will be added as HTTP headers of the request. The information required when configuring the attributes is documented in the [identity_headers#attributes-object](../../yaml/yaml-resource_servers/identity_headers.html#attributes-object) YAML reference.

Hint: You can use the inbuilt Credential Viewer application to list the credential attributes available in a user session.

Signed JWT

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

The jwt configuration entry allows you to generate and insert a signed JSON Web Token into a designated HTTP header of requests which are forwarded to a resource server. A generated JWT is cached with the user session and is valid for the lifetime of the user session. The information required when configuring the JWT is documented in the [identity_headers#jwt-object](../../yaml/yaml-resource_servers/identity_headers.html#jwt-object) YAML reference.

Limitations

Please note that JWTs can only be signed using the RSA and ECDSA algorithms. The HMAC signing algorithm is not supported. The algorithm which is used in the signing process is determined automatically from the algorithm of the signing key.

JWKS

The JSON Web Key Set (JWKS) is a set of keys containing the public keys that should be used to verify any JSON Web Token (JWT) issued by an authorization server and signed using the RSA or ECDSA algorithms.

IAG has an inbuilt application which provides a JWKS endpoint for making the local JWKS available to a caller. Information on how to enable the JWKS application is documented in the JWKS YAML reference.

LTPA

Lightweight Third-Party Authentication (LTPA) is an authentication technology used in IBM WebSphere. IAG has the ability to generate an LTPA token and pass it on to the proxied resource server for single sign-on purposes. Information on how to enable the generation of the LTPA token is documented in the identity_headers#ltpa-object YAML reference.

Kerberos

Information on how to enable the generation of the Kerberos token is documented in two places: the services/kerberos YAML reference covers the globally effective configuration, and the identity_headers#kerberos YAML reference covers the resource-specific configuration.

Externally provided username/password for basic authentication

An external credential service can be used to provide a username and password which IAG can provide to resource servers as a basic authentication header.

Refer to the topic Using a Credential service for single sign-on, and to the services/credential and identity_headers#basic_auth YAML references.

Externally provided username/password for forms-based authentication

An external credential service can be used to provide a username and password which IAG can use to perform forms-based login on behalf of clients.

Refer to the topic Using a Credential service for single sign-on, and to the services/credential and forms_login YAML references.