Package ch.ivyteam.ivy.webserver.security

Class SingleSignOnValve

java.lang.Object

org.apache.catalina.util.LifecycleBase

org.apache.catalina.util.LifecycleMBeanBase

org.apache.catalina.valves.ValveBase

ch.ivyteam.ivy.webserver.security.SingleSignOnValve

All Implemented Interfaces:

MBeanRegistration, org.apache.catalina.Contained, org.apache.catalina.JmxEnabled, org.apache.catalina.Lifecycle, org.apache.catalina.Valve

public class SingleSignOnValve
extends org.apache.catalina.valves.ValveBase

Only use this Valve if you exclusively access Axon Ivy over the WebApplication Firewall. Otherwise this will be a security hole.

This Valve is useful if Axon Ivy is protected by a WebApplication Firewall (WAF) with an integrated Identity and Access Management (IAM). Those systems will authenticate and authorize users. The identified user is then sent from the WAF to Axon Ivy using a HTTP request header.

 WebBrowser ==> WAF ==> Axon Ivy

                 ^          |
                 |          |
                 v          v

                IAM ==> Active Directory
 

Since:

6.6

API:

This is a public API.