Separate REST API channel access
It is preferred to separate REST client access from traditional browser channel client access. Separating the two channels lets you set configuration options for one that might conflict with the other.
If possible, expose a separate reverse proxy instance. At a minimum, create a junction that is separate from the default /mga junction and enables access to the /apiauthsvc endpoint. Example junction settings are as follows:
- Junction Point Name: /mgaapi
- Stateful Junction: true/enabled
- Junction type: SSL
- Servers: The host and port where the Advanced Access Control (AAC) runtime is running. If the reverse proxy and AAC are colocated, then localhost:443 can be set.
- HTTP Basic Authentication Header: Filter
- HTTP Header Identity information: 'IVUSER', 'IVGROUPS', 'IVCREDS'
- HTTP Header Encoding: UTF8 URI Encoded
- Insert client IP address: true/enabled
- The Authentication and Context Based Access wizard creates ACLs with the following prefix:
  - isam_authsvc_*
- The MMFA Configuration wizard makes ACLs with the following prefix:
  - isam_mobile_*