Latest update: 7.0.2

Preface
- About This Guide
- Example Installation for This Guide
- External Tools Used In This Guide
About IG
- IG As an HTTP Gateway
- Processing Requests and Responses
- Development Mode and Production Mode
- Decorators
- Configuration Parameters Declared as Property Variables
- Changing the Configuration and Restarting IG
- Understanding IG APIs With API Descriptors
- Sessions
  - About Stateful Sessions
  - About Stateless Sessions
- Secrets
Installation in Detail
- About Securing Connections
- Installing IG in Standalone Mode
  - Configuring IG For HTTPS (Server-Side)
  - Adding .jar Files for IG Extensions
- Installing IG in Apache Tomcat
- Installing IG in Jetty
- Installing IG in JBoss EAP
  - Configuring Cookie Domains in JBoss EAP
  - Configuring IG for HTTPS (Server-Side) in JBoss EAP
- Preparing the Network
- Changing the Default Location of the Configuration Folders
- Preparing For Load Balancing and Failover
- Configuring IG For HTTPS (Client-Side)
- Using JWT Sessions
  - Encrypting JWT Sessions
  - Sharing JWT Session Between Multiple Instances of IG
- Setting Up AM
Getting Login Credentials From Data Sources
- Logging In With Credentials From a File
- Logging In With Credentials From a Database
Getting Login Credentials From AM
Single Sign-On and Cross-Domain Single Sign-On
- Authenticating With SSO
- Authenticating With CDSSO
- Using WebSocket Notifications to Evict the Session Info Cache
Enforcing Policy Decisions From AM
- About Policy Enforcement
- Enforcing AM Policy Decisions In the Same Domain
- Enforcing AM Policy Decisions In Different Domains
- Using WebSocket Notifications to Evict the Policy Cache
Hardening Authorization With Advice From AM
- Stepping Up the Authentication Level for an AM Session
- Increasing Authorization for a Single Transaction
Protecting Against CSRF Attacks
Acting As a SAML 2.0 Service Provider
- About SAML 2.0 SSO and Federation
  - About SP-Initiated SSO
  - About IDP-Initiated SSO
- Set Up SAML 2.0 SSO and Federation
- Using a Non-Transient NameID Format
- Example Fedlet Files
Acting As an OAuth 2.0 Resource Server
- About IG As an OAuth 2.0 Resource Server
- Validating Access_Tokens Through the Introspection Endpoint
- Validating Stateless Access_Tokens With the StatelessAccessTokenResolver
- Validating Certificate-Bound Access Tokens
  - mTLS Using Standard TLS Client Certificate Authentication
  - mTLS Using Trusted Headers
- Using the OAuth 2.0 Context to Log in to the Sample Application
- Caching Access_Tokens
Acting As an OpenID Connect Relying Party
- About IG With OpenID Connect
- Using AM As a Single OpenID Connect Provider
  - Authenticating Automatically to the Sample Application
- Using Multiple OpenID Connect Providers
- Discovering and Dynamically Registering With OpenID Connect Providers
Transforming OpenID Connect ID Tokens Into SAML Assertions
Supporting UMA Resource Servers
- About IG As an UMA Resource Server
- Limitations Of IG As an UMA Resource Server
- Setting Up the UMA Example
- Editing the Example to Match Custom Settings
- Understanding the UMA API With an API Descriptor
Configuring Routers and Routes
- Configuring Routers
- Configuring Routes
- Creating and Editing Routes Through Common REST
- Preventing the Reload of Routes
- Accessing Reserved Routes
Proxying WebSocket Traffic
Implementing Not-Enforced URIs for Authentication
- Implementing Not-Enforced URIs With a SwitchFilter
- Implementing Not-Enforced URIs With a DispatchHandler
Configuration Templates
- Proxy and Capture
- Simple Login Form
- Login Form With Cookie From Login Page
- Login Form With Password Replay and Cookie Filters
- Login Which Requires a Hidden Value From the Login Page
- HTTP and HTTPS Application
- AM Integration With Headers
Extending IG
- Extending IG Through Scripts
- Extending IG Through the Java API
- Recording Custom Audit Events
Throttling the Rate of Requests to Protected Applications
- About Throttling
- Configuring Simple Throttling
- Configuring Mapped Throttling
  - Considerations for Dynamic Throttling
- Configuring Scriptable Throttling
SAML 2.0 and Multiple Applications

Supporting UMA Resource Servers

IG includes support for User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization specifications. This chapter describes UMA 2.0, and applies to IG 5.5 and later versions, used with AM 5.5 and later versions. For earlier versions, see their documentation.

Transforming OpenID Connect ID Tokens Into SAML Assertions

About IG As an UMA Resource Server

Read a different version of Supporting UMA Resource Servers:

4 4.5 5 5.5 6 6.1 6.5