IapConfiguration

The Identity-Aware Proxy (IAP) configuration information used by an IapCredential. Currently, only the Microsoft Entra Application Proxy is supported via the Microsoft Identity Platform.

Since

200.8.0

Types

object Companion

Properties

The type of user interaction required for authentication and consent while signing in to the Identity-Aware Proxy (IAP). The default value is IapAuthorizationPromptType.Unspecified, which defines the default user interaction behavior for the Identity-Aware Proxy (IAP). It optimizes the user experience by minimizing unnecessary credential prompts. The single sign-on (SSO) experience is determined by the authenticated Identity-Aware Proxy (IAP) session within the web session.

The Identity-Aware Proxy (IAP) authorize endpoint that facilitates user authentication. This URL is presented in the web session, allowing users to enter their credentials. Upon successful authentication, an authorization code is received, which can be used to generate tokens for secure access to protected resources.

A unique application-specific identifier associated with an application which is registered with the Identity-Aware Proxy (IAP) portal. This identifier is utilized by the Identity-Aware Proxy (IAP) to determine which application is attempting to authenticate. It is essential for accurately recognizing and processing authentication requests, ensuring that only the correct application is granted access to protected resources.

A private key used to verify that the application is authorized to access secured services. This key establishes trust between the application and the Identity-Aware Proxy (IAP), ensuring that only authenticated applications can request access to protected resources. It must be kept confidential to prevent unauthorized access. Notably, Microsoft Entra Application Proxy does not require a client secret for authorization and token generation.

The hosts of the ArcGIS resources that are to be accessed behind the Identity-Aware Proxy (IAP). Supports the use of wildcards (*) to facilitate flexible access control. For example,

A unique identifier associated with an application which is registered with the Identity-Aware Proxy (IAP) portal. This identifier is utilized by the Identity-Aware Proxy (IAP) to determine which application is attempting to authenticate. It is essential for accurately recognizing and processing authentication requests, ensuring that only the correct application is granted access to protected resources. Notably, Microsoft Entra Application Proxy does not require an IAP client ID for authorization and token generation.

The Identity-Aware Proxy (IAP) endpoint used to log the user out of the web session and invalidate any associated tokens. This endpoint ensures that the user's session is securely terminated, preventing further access to protected resources.

The URL that the Identity-Aware Proxy (IAP) login and logout pages will redirect to when authentication completes. The scheme of this URL must be registered as a custom URL scheme in the application.

A list of permissions that define the access level for which the user should be authenticated. The following scopes will be added if they are missing, as they are essential for generating the necessary tokens and ensuring appropriate access to protected resources:

The Identity-Aware Proxy (IAP) endpoint responsible for generating access, ID, and refresh tokens. This endpoint is used to exchange the authorization code for tokens that allow secure access to protected resources.

Functions

Checks if this configuration can be used for the given URL. A configuration can be used for a URL if the URL's host matches one of the hosts specified in the configuration's hosts behind proxy.
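
The host check described above can be illustrated as follows. This is an added example, not code from the SDK: the function names are hypothetical, the host values are constructed, and it assumes that `*` matches characters within a single DNS label, which the page does not specify.

```kotlin
import java.net.URI
import java.net.URISyntaxException

// Hypothetical helper, not the SDK's implementation.
// Assumption: "*" matches a run of characters inside one DNS label (never a dot).
fun hostMatchesPattern(pattern: String, host: String): Boolean {
    val regex = pattern.lowercase()
        .split("*")
        // Quote the literal parts so "." and other metacharacters stay literal.
        .joinToString(separator = "[^.]*") { Regex.escape(it) }
        .toRegex()
    // matches() requires the whole host to match, so a pattern cannot be
    // satisfied by a prefix or suffix of a longer, unrelated host name.
    return regex.matches(host.lowercase().trimEnd('.'))
}

// Hypothetical helper: true if the URL's host is covered by any configured pattern.
fun isCoveredByProxyHosts(url: String, hostsBehindProxy: List<String>): Boolean {
    // Compare the parsed host component, never a substring of the raw URL:
    // userinfo ("user@host") and path segments can contain host-like text.
    val host = try {
        URI(url).host
    } catch (e: URISyntaxException) {
        null
    }
    if (host == null) return false
    return hostsBehindProxy.any { hostMatchesPattern(it, host) }
}

fun main() {
    // Constructed sample values: covered hosts, mixed case, and lookalike hosts.
    val hosts = listOf("*.example.com", "maps.internal.example.org")
    val urls = listOf(
        "https://gis.example.com/arcgis/rest",
        "https://GIS.Example.COM/portal",
        "https://maps.internal.example.org/server",
        "https://example.com.other.test/arcgis",
        "https://notexample.com/arcgis",
        "https://gis.example.com@other.test/arcgis",
    )
    for (u in urls) println("$u -> ${isCoveredByProxyHosts(u, hosts)}")
}
```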

open operator override fun equals(other: Any?): Boolean
open override fun hashCode(): Int

Inherited functions

open override fun toJson(): String

Convert an object to JSON string.