This node defines how users will authenticate to the reverse proxy.
These entries can be used to override the default authentication challenge which unauthenticated clients will be redirected to when first accessing the reverse proxy.
If an OIDC identity source is configured, this entry will default to the OIDC authentication URI "/pkmsoidc?iss=default".
These entries can be used to override the default post authentication URL which clients will be redirected to once they have successfully authenticated.
The configuration entries in this section allow the reverse proxy to act as an OIDC relying party.
IBM Security Verify, IBM Security Verify Access and IBM Security Access Manager 188.8.131.52+ are supported as OIDC identity providers.
The configuration entries in this section allow the reverse proxy to accept an OAuth bearer token and use the configured OAuth introspection endpoints to validate the token and create an authenticated session.
IBM Security Verify, IBM Security Verify Access and IBM Security Access Manager 184.108.40.206+ provide supported OAuth introspection endpoints.
Multiple introspection endpoints may be different so that different providers can be enabled for different resource servers.
External Authentication Interface, which allows an application to assert client identity information to the IBM Application Gateway container.
Please note that an access policy which allows unauthenticated access to this resource must be created. The URL string patterns are case-sensitive and may contain wild card patterns.
The format for a regular path-based application is:
The format for a Virtual Host application is:
For Virtual Host applications to match a trigger they must also have the same protocol (http[s] = TCP/SSL) and have the same
port as the trigger.
The configuration entries in this section allow the reverse proxy to act as an OIDC relying party to IBM Security Verify.
Updated 11 months ago