Auth Challenge Redirect
identity/auth_challenge_redirect
These entries can be used to override the default authentication challenge which unauthenticated clients will be redirected to when first accessing the reverse proxy.
If an OIDC identity source is configured, this entry will default to the OIDC authentication URI "/pkmsoidc?iss=default".
Properties
| Name | Type | Constraints | Description |
|---|---|---|---|
| url | string | The URI which a client will be redirected to in order to start the authentication process. This URI can be absolute or server relative. | |
| parameters | Array of parameters |
identity/auth_challenge_redirect/parameters[]
Additional parameters which can be included in the redirect URI as query string arguments.
Properties
| Name | Type | Constraints | Description |
|---|---|---|---|
| source | string | Values: macro, header, credential | The source the value should be taken from. |
| value | string | The name of the macro, HTTP header or credential attribute the value will be taken from. When using the macro type source, valid values are:- TAM_OP- USERNAME- METHOD- URL- REFERER- HOSTNAME- PROTOCOL | |
| name | string | The name which should be used to name the parameter inserted into the redirect URL. If this value is not specified, the parameter will be named accordingly: - For macro sources, the name will be used verbatim.- For header sources, the name will be of the format HTTPHDR_<name>- For credential sources, the name will be of the format CREDATTR_<name> |
Example
identity:
auth_challenge_redirect:
url: /eai/login_start
parameters:
- source: macro
value: HOSTNAME
name: host
- source: credential
value: AZN_CRED_NETWORK_ADDRESS_STR
name: origin
- source: header
value: X-IBM-Proxy
name: proxy
Updated almost 2 years ago