External authentication interface HTTP header reference

External authentication interface HTTP header reference

Description Stanza Entry Default
Header Name Required Notes

PAC
[eai] eai-pac-header

am-eai-pac yes Authentication data in PAC format. Direct conversion to credential.
This header takes precedence over the user identity header.
Place this header before others in the response headers.

PAC Service ID
[eai] eai-pac-svc-header

am-eai-pac-svc no The service ID that should be used to convert the PAC into a credential.
If no service ID is specified the default PAC service will be used.

Description Stanza Entry Default
Header Name Required Notes

User Identity
[eai] eai-user-id-header

am-eai-user-id yes The ID of the user to generate the credential for.
This header should precede all others in the HTTP response.

Authentication Level [eai]
eai-auth-level-header am-eai-auth-level no The authentication strength level for the generated credential.
If no value is specified, a default value of 1 is used.

Extended Attribute List
[eai] eai-xattrs-header

am-eai-xattrs no A comma delimited list of HTTP header names that should be added to the credential as extended attributes.
If attributes of the same name are specified by a custom authentication module build with the external authentication C API, the attributes from the custom module take precedence over the HTTP header attributes.

External user identity
[eai] eai-ext-user-id-header

am-eai-ext-user-id no Name of the header containing the ID of the external (not in the ISAM user registry) user to use when creating a credential.

External group identity
[eai] eai-ext-user-groups-header

am-eai-ext-user-groups no Name of the header containing the group or groups an external user is to be considered a member of when generating a credential. This entry is only used when the eai-ext-user-id-header stanza entry's value is provided.

Description Stanza Entry Default
Header Name Required Notes

Session Identifier
[eai] eai-session-id-header

am-eai-session-id yes The identify of the distributed session managed by the Session Management Server.

Description Stanza Entry Default
Header Name Required Notes

Redirect URL
[eai] eai-redir-url-header

am-eai-redir-url no Only used if WebSEAL does not have a cached request or when automatic redirection is not enabled.
URI the client is redirected to upon successful authentication.
If no URI is specified, the "login-success" page is returned.

Flags header
[eai] eai-flags-header

am-eai-flags no The only supported flag is stream. Example:
am-eai-flags: stream

Parent topic: External authentication interface
Related concepts

External authentication interface overview
External authentication interface process flow
External authentication interface configuration
Use of external authentication interface with existing WebSEAL features

Description	Stanza Entry	Default Header Name	Required	Notes
User Identity	[eai] eai-user-id-header	am-eai-user-id	yes	The ID of the user to generate the credential for. This header should precede all others in the HTTP response.
Authentication Level	[eai] eai-auth-level-header	am-eai-auth-level	no	The authentication strength level for the generated credential. If no value is specified, a default value of 1 is used.
Extended Attribute List	[eai] eai-xattrs-header	am-eai-xattrs	no	A comma delimited list of HTTP header names that should be added to the credential as extended attributes. If attributes of the same name are specified by a custom authentication module build with the external authentication C API, the attributes from the custom module take precedence over the HTTP header attributes.
External user identity	[eai] eai-ext-user-id-header	am-eai-ext-user-id	no	Name of the header containing the ID of the external (not in the ISAM user registry) user to use when creating a credential.
External group identity	[eai] eai-ext-user-groups-header	am-eai-ext-user-groups	no	Name of the header containing the group or groups an external user is to be considered a member of when generating a credential. This entry is only used when the eai-ext-user-id-header stanza entry's value is provided.