Latest update: 7.0.2

Preface
- About This Guide
- Example Installation for This Guide
- External Tools Used In This Guide
About IG
- IG As an HTTP Gateway
- Processing Requests and Responses
- Development Mode and Production Mode
- Decorators
- Configuration Parameters Declared as Property Variables
- Changing the Configuration and Restarting IG
- Understanding IG APIs With API Descriptors
- Sessions
  - About Stateful Sessions
  - About Stateless Sessions
- Secrets
Installation in Detail
- About Securing Connections
- Installing IG in Standalone Mode
  - Configuring IG For HTTPS (Server-Side)
  - Adding .jar Files for IG Extensions
- Installing IG in Apache Tomcat
- Installing IG in Jetty
- Installing IG in JBoss EAP
  - Configuring Cookie Domains in JBoss EAP
  - Configuring IG for HTTPS (Server-Side) in JBoss EAP
- Preparing the Network
- Changing the Default Location of the Configuration Folders
- Preparing For Load Balancing and Failover
- Configuring IG For HTTPS (Client-Side)
- Using JWT Sessions
  - Encrypting JWT Sessions
  - Sharing JWT Session Between Multiple Instances of IG
- Setting Up AM
Getting Login Credentials From Data Sources
- Logging In With Credentials From a File
- Logging In With Credentials From a Database
Getting Login Credentials From AM
Single Sign-On and Cross-Domain Single Sign-On
- Authenticating With SSO
- Authenticating With CDSSO
- Using WebSocket Notifications to Evict the Session Info Cache
Enforcing Policy Decisions From AM
- About Policy Enforcement
- Enforcing AM Policy Decisions In the Same Domain
- Enforcing AM Policy Decisions In Different Domains
- Using WebSocket Notifications to Evict the Policy Cache
Hardening Authorization With Advice From AM
- Stepping Up the Authentication Level for an AM Session
- Increasing Authorization for a Single Transaction
Protecting Against CSRF Attacks
Acting As a SAML 2.0 Service Provider
- About SAML 2.0 SSO and Federation
  - About SP-Initiated SSO
  - About IDP-Initiated SSO
- Set Up SAML 2.0 SSO and Federation
- Using a Non-Transient NameID Format
- Example Fedlet Files
Acting As an OAuth 2.0 Resource Server
- About IG As an OAuth 2.0 Resource Server
- Validating Access_Tokens Through the Introspection Endpoint
- Validating Stateless Access_Tokens With the StatelessAccessTokenResolver
- Validating Certificate-Bound Access Tokens
  - mTLS Using Standard TLS Client Certificate Authentication
  - mTLS Using Trusted Headers
- Using the OAuth 2.0 Context to Log in to the Sample Application
- Caching Access_Tokens
Acting As an OpenID Connect Relying Party
- About IG With OpenID Connect
- Using AM As a Single OpenID Connect Provider
  - Authenticating Automatically to the Sample Application
- Using Multiple OpenID Connect Providers
- Discovering and Dynamically Registering With OpenID Connect Providers
Transforming OpenID Connect ID Tokens Into SAML Assertions
Supporting UMA Resource Servers
- About IG As an UMA Resource Server
- Limitations Of IG As an UMA Resource Server
- Setting Up the UMA Example
- Editing the Example to Match Custom Settings
- Understanding the UMA API With an API Descriptor
Configuring Routers and Routes
- Configuring Routers
- Configuring Routes
- Creating and Editing Routes Through Common REST
- Preventing the Reload of Routes
- Accessing Reserved Routes
Proxying WebSocket Traffic
Implementing Not-Enforced URIs for Authentication
- Implementing Not-Enforced URIs With a SwitchFilter
- Implementing Not-Enforced URIs With a DispatchHandler
Configuration Templates
- Proxy and Capture
- Simple Login Form
- Login Form With Cookie From Login Page
- Login Form With Password Replay and Cookie Filters
- Login Which Requires a Hidden Value From the Login Page
- HTTP and HTTPS Application
- AM Integration With Headers
Extending IG
- Extending IG Through Scripts
- Extending IG Through the Java API
- Recording Custom Audit Events
Throttling the Rate of Requests to Protected Applications
- About Throttling
- Configuring Simple Throttling
- Configuring Mapped Throttling
  - Considerations for Dynamic Throttling
- Configuring Scriptable Throttling
SAML 2.0 and Multiple Applications

Hardening Authorization With Advice From AM

To protect sensitive resources, AM policies can be configured with additional conditions to harden the authorization. When AM communicates these policy decisions to IG, the decision includes advices to indicate what extra conditions the user must meet.

Conditions can include requirements to access the resource over a secure channel, access during working hours, or to authenticate again at a higher authentication level. For more information, see AM's Authorization Guide.

The following sections build on the policies in Enforcing Policy Decisions From AM to step up the authentication level:

Using WebSocket Notifications to Evict the Policy Cache

Stepping Up the Authentication Level for an AM Session

Read a different version of :