We follow the IAM directory structure as defined in the official IAM documentation, but expect the contents of <instance_1> to be in the root of the ZIP-file. Hence, everything that can be added to the IAM instance directory can also be added in Airlock SaaS. In addition to the IAM directory structure, a saas.yaml file can be included for further configuration.
For instance, a ZIP file could look like this (not exhaustive):
adminapp-texts/
loginapp-texts/
servicecontainerapp-texts/
transaction-approval-texts/
libs/
    Risk: Be aware that the Microgateway may interfere with and block certain functionality.
instance.properties
medusa-configuration.xml
iam-config.yaml (optional)
customization.zip (may have any name, must be the same as defined in instance.properties)
saas.yaml (optional)
adminapp-texts
Add any number of string_LANG.properties files. You can omit them if they are not required.
loginapp-texts
Add any number of string_LANG.properties files. You can omit them if they are not required.
servicecontainerapp-texts
Add any number of string_LANG.properties files. You can omit them if they are not required.
transaction-approval-texts
Add any number of string_LANG.properties files. You can omit them if they are not required.
libs
Any JAR-files to support custom extensions in the Loginapp and/or Adminapp.
Risk
The person who uploads the ZIP file is responsible for assessing the security implications of any added JAR files. The SaaS platform does not validate them.
Risk
Not all JAR files may be supported, as the Microgateway may interfere with or block certain functionality when the user agent interacts with the IAM.
medusa-configuration.xml
Follow the documentation below.
iam-config.yaml
If YAML is preferred over XML, Airlock SaaS fully supports iam-config.yaml as well. All restrictions that apply to medusa-configuration.xml also apply to iam-config.yaml (e.g. secrets), so you may follow the documentation below and substitute the XML examples with your YAML. When using iam-config.yaml, make sure to follow the official IAM documentation to enable YAML mode in IAM.
Official documentation: https://docs.airlock.com/iam/8.4/index/1739013283099.html
instance.properties
This file is currently copied in full. However, the feature set of instance.properties will be restricted in the future (with an allowlist). For the time being, limit your use to:
iam.environment.id
iam.log.level
iam.loginapp.rest.ui.customizations
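A pre-upload check for the package described above, as an added example that is not Airlock code: it hashes every JAR in the ZIP for manual review (the platform does not validate them), reports instance.properties keys outside the three listed, and flags an instance.properties that is not in the ZIP root. The function names and the sample contents are assumptions made for this example.

```python
import hashlib
import io
import re
import zipfile

# Keys the page says to limit instance.properties to for the time being.
ALLOWED_KEYS = {"iam.environment.id", "iam.log.level",
                "iam.loginapp.rest.ui.customizations"}


def extra_property_keys(raw):
    """Return keys in instance.properties bytes that are not in ALLOWED_KEYS."""
    extra = []
    for line in raw.decode("latin-1").splitlines():
        line = line.strip()
        if line and line[0] not in "#!":  # skip blank lines and comments
            key = re.split(r"[=:\s]", line, maxsplit=1)[0]
            if key not in ALLOWED_KEYS:
                extra.append(key)
    return extra


def audit_package(zip_file):
    """Return pre-upload findings for a configuration ZIP (path or file object)."""
    findings = {"jars": {}, "extra_keys": [], "misplaced": []}
    with zipfile.ZipFile(zip_file) as zf:
        for name in zf.namelist():
            base = name.rsplit("/", 1)[-1]
            if name.lower().endswith(".jar"):
                # The platform does not validate JARs: hash each for manual review.
                findings["jars"][name] = hashlib.sha256(zf.read(name)).hexdigest()
            elif name == "instance.properties":
                findings["extra_keys"] = extra_property_keys(zf.read(name))
            elif base == "instance.properties":
                # Instance directory contents belong in the ZIP root.
                findings["misplaced"].append(name)
    return findings


def make_zip(files):
    """Build an in-memory ZIP from {name: content}, for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf


if __name__ == "__main__":  # constructed sample, not a real package
    print(audit_package(make_zip({"libs/ext.jar": b"constructed bytes"})))
```

Record the reported SHA-256 values alongside the review decision for each JAR so a later upload can be compared against what was assessed.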
saas.yaml
End of life: The saas.yaml is deprecated and will not be supported in a future Airlock SaaS version.
The following settings can be configured through the SaaS API reference using an OAuth 2.0 client.
The saas.yaml file can contain multiple types of configurations for tenant customization. These configurations must be separated using the YAML document separator ---. The file is optional and supports the following configuration types:
EgressTrafficPolicy: Controls egress traffic whitelisting
MicrogatewayDenyRulesPatch: Add Microgateway DenyRules exceptions
MicrogatewayHeaderRewritesPatch: Add Microgateway custom HeaderRewrites rules
Host: Defines custom domain configurations for tenant applications (when custom domains are enabled)
apiVersion: iam.airlock.com/v1
kind: EgressTrafficPolicy
spec:
  loginapp:
    destinations:
      - host: api.example.com
        port: 443
        protocol: TCP
        appProtocol: HTTPS
---
apiVersion: iam.airlock.com/v1
kind: MicrogatewayDenyRulesPatch
spec:
  loginapp:
    request:
      builtIn:
        exceptions:
          - ruleKeys:
              - XSS
            blockedData:
              parameter:
                name:
                  matcher:
                    exact: "custom_param"
---
apiVersion: iam.airlock.com/v1
kind: MicrogatewayHeaderRewritesPatch
spec:
  loginapp:
    request:
      allow:
        matchingHeaders:
          custom:
            - name: Allow X-Legacy-Password
              headers:
                - name:
                    matcher:
                      exact: X-Legacy-Password
---
apiVersion: iam.airlock.com/v1
kind: Host
spec:
  loginapp:
    host: login.customer-domain.com
    tls:
      minProtocolVersion: TLSV1_3
  adminapp:
    host: admin.customer-domain.com
    tls:
      minProtocolVersion: TLSV1_3