Auth Challenge Redirect

identity/auth_challenge_redirect

These entries can be used to override the default authentication challenge which unauthenticated clients will be redirected to when first accessing the reverse proxy.
If an OIDC identity source is configured, this entry will default to the OIDC authentication URI "/pkmsoidc?iss=default".

Properties

NameTypeConstraintsDescription
urlstringThe URI which a client will be redirected to in order to start the authentication process. This URI can be absolute or server relative.
parametersArray of parameters

identity/auth_challenge_redirect/parameters[]

Additional parameters which can be included in the redirect URI as query string arguments.

Properties

NameTypeConstraintsDescription
sourcestringValues: macro, header, credentialThe source the value should be taken from.
valuestringThe name of the macro, HTTP header or credential attribute the value will be taken from.
When using the macro type source, valid values are:

- TAM_OP
- USERNAME
- METHOD
- URL
- REFERER
- HOSTNAME
- PROTOCOL
namestringThe name which should be used to name the parameter inserted into the redirect URL. If this value is not specified, the parameter will be named accordingly:

- For macro sources, the name will be used verbatim.
- For header sources, the name will be of the format HTTPHDR_<name>
- For credential sources, the name will be of the format CREDATTR_<name>

Example

identity:
  auth_challenge_redirect:
    url: /eai/login_start
    parameters:
      - source: macro
        value:  HOSTNAME
        name:   host
      - source: credential
        value:  AZN_CRED_NETWORK_ADDRESS_STR
        name:   origin
      - source: header
        value:  X-IBM-Proxy
        name:   proxy