Configure an HTTP redirect authentication mechanism
The HTTP redirect authentication mechanism integrates an external application. The application...
- Generates a credential with an attribute matching the success credential attribute Name and Value properties.
- Returns control to ISAM by redirecting the browser to the location provided on the ReturnURL query string parameter when the application was invoked.
When the HTTP Redirect Authentication Mechanism is used, the value of 'Redirect URL' sends the end user to an application that eventually performs an EAI authentication. For this to work, the application must have an associated EAI trigger URL in the ISAM configuration file. The EAI application must also return an attribute whose name matches the HTTP Redirect Authentication Mechanism property 'Success Credential Attribute Name'. The value of that credential attribute must match the value configured in the property 'Success Credential Attribute Value' to indicate that the redirected authentication succeeded. When redirecting to the external application, the HTTP Redirect Authentication mechanism includes a query parameter named ReturnURL. The application must provide this value back to Verify Access as the am-eai-redir-url, so that the browser is redirected back to the authentication mechanism, which validates that the credential attribute was added as expected.
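The external application's side of this exchange, sketched as an added example (not IBM's code and not part of the original page). It assumes the default EAI header names am-eai-user-id and am-eai-xattrs alongside am-eai-redir-url, a hypothetical reverse proxy host access.example.com, and adds a check that ReturnURL really leads back to that host before echoing it.

```python
from urllib.parse import parse_qs, urlsplit

# Must match the mechanism's Success Credential Attribute Name / Value properties.
SUCCESS_ATTR_NAME = "httpRedirectAuthCompleted"  # default from the property list
SUCCESS_ATTR_VALUE = "true"                      # default from the property list
ALLOWED_RETURN_HOSTS = {"access.example.com"}    # hypothetical reverse proxy host


def safe_return_url(query_string):
    """Return the ReturnURL value only if it leads back to the reverse proxy."""
    values = parse_qs(query_string).get("ReturnURL", [])
    if len(values) != 1:
        raise ValueError("expected exactly one ReturnURL parameter")
    url = values[0]
    # Control characters (CR/LF in particular) would allow header injection.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("control character in ReturnURL")
    parts = urlsplit(url)
    if not parts.scheme and not parts.netloc:
        # Server-relative path only; "//host", "///host" and "\" forms leave the site.
        if url.startswith("/") and not url.startswith("//") and "\\" not in url:
            return url
    elif parts.scheme == "https" and parts.hostname in ALLOWED_RETURN_HOSTS:
        return url
    raise ValueError("ReturnURL does not point back to the reverse proxy")


def eai_response_headers(query_string, username):
    """Headers sent from the EAI trigger URL after the user has authenticated."""
    return {
        "am-eai-user-id": username,
        # Name the header that carries the success credential attribute.
        "am-eai-xattrs": SUCCESS_ATTR_NAME,
        SUCCESS_ATTR_NAME: SUCCESS_ATTR_VALUE,
        # Hand control back to the authentication mechanism for validation.
        "am-eai-redir-url": safe_return_url(query_string),
    }


if __name__ == "__main__":
    # Constructed query string, as the application might receive it.
    qs = "ReturnURL=%2Fconstructed%2Freturn%3Fstate%3Dabc123"
    for name, value in eai_response_headers(qs, "alice").items():
        print(f"{name}: {value}")
```

If the Success Credential Attribute Name or Value properties are changed from their defaults, the two constants at the top must be changed to match, otherwise the mechanism will not treat the returned credential as successful.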
Steps
- Log in to the local management interface and set property values...
AAC > Policy > Authentication > Mechanisms > HTTP Redirect Authentication > Modify > Properties tab > property > Modify
- Take note of the properties for the mechanism.
  - Redirect URL
    The URL to the external authentication application.
    Data type: String
  - Success Credential Attribute Name
    The credential attribute name that verifies successful authentication.
    Data type: String
    Default: httpRedirectAuthCompleted
  - Success Credential Attribute Value
    The credential attribute value that verifies successful authentication.
    Data type: String
    Default: true
- Click Save.
What to do next
When configuring the mechanism, a message indicates that changes are not deployed. When you finish the changes, deploy them. For information, see Deploying pending changes.