Skip to main content

Default Authentication Challenge

Description

These entries can be used to override the default authentication challenge which unauthenticated clients will be redirected to when first accessing the reverse proxy. If an OIDC identity source is configured, this entry will default to the OIDC authentication URI "/pkmsoidc?iss=default".

Properties

The following table(s) describe the configuration properties for this component:

Name Type Constraints Description
url string The URI which a client will be redirected to in order to start the authentication process.
parameters array[PARAMETERS Object]

PARAMETERS Object

Additional parameters which can be included in the redirect URI as query string arguments.

Name Type Constraints Description
source string Values: macro,header,credential The source the value should be taken from.
name string The name which should be used to name the parameter inserted into the redirect URL. If this value is not specified, the parameter will be named accordingly:

* For 'macro' sources, the name will be used verbatim.
* For 'header' sources, the name will be of the format HTTPHDR\_<name>
* For 'credential' sources, the name will be of the format CREDATTR\_<name>
value string The name of the macro, HTTP header or credential attribute the value will be taken from.
When using the 'macro' type source, valid values are:

* TAM_OP
* USERNAME
* METHOD
* URL
* REFERER
* HOSTNAME
* PROTOCOL

Example

 identity:
       auth_challenge_redirect:
         url: /eai/login_start
         parameters:
           - source: macro
             value:  HOSTNAME
             name:   host
           - source: credential
             value:  AZN_CRED_NETWORK_ADDRESS_STR
             name:   origin
           - source: header
             value:  X-IBM-Proxy
             name:   proxy