Client identity in HTTP headers (-c)

Client identity in HTTP headers (-c)

ISAM HTTP headers

Use the -c junction option to insert client identity, group membership, and credential information specific to ISAM. We can insert the information into the HTTP headers of requests destined for junctioned third-party application servers. This HTTP header information enables applications on junctioned third-party servers to do user-specific actions (such as single signon) based on the client's ISAM identity. The -c option to the junction create command specifies what ISAM HTTP header data is sent across a junction to the back-end application server:
-c header-types

The header-types arguments:

Argument Description

iv_user Provides the user name (short form) to the iv-user HTTP header of the request.

iv_user_l Provides the full DN of the user (long form) to the iv-user-l HTTP header of the request.

iv_groups Provides the user's list of groups to the iv-groups HTTP header of the request.

iv_creds Provides the user's credential information to the iv-creds HTTP header of the request.

all Provides identity information for iv-user, iv-groups, and iv-creds HTTP headers of the request.

The -c option is also supported on virtual host junctions.
CGI environment variable headers

If a service on the backend server uses CGI, header information must be transformed to CGI environment variable format All dashes (-) are replaced with underscores (_) and HTTP is prepended to the beginning of the header string. The ISAM HTTP header entries are available to CGI programs as the environment variables HTTP_IV_USER, HTTP_IV_USER_L, HTTP_IV_GROUPS, and HTTP_IV_CREDS.
For other application framework products, refer to the appropriate product documentation for instructions on extracting headers from HTTP requests.

ISAM HTTP headers CGI HTTP headers Description

iv-user HTTP_IV_USER The user name of the client (login ID). Defaults to "Unauthenticated" if client is unauthenticated (unknown).

iv-user-l HTTP_IV_USER_L The distinguished name (DN) of the client.

iv-groups HTTP_IV_GROUPS A list of groups to which the client belongs. Consists of comma separated quoted entries.

iv-creds HTTP_IV_CREDS Encoded opaque data structure representing an ISAM credential. Supplies credentials to remote servers so mid-tier applications can use the authorization API to call the authorization service. For more information, see Authorization C API Developer Reference.

Parent topic: Single Sign-on Solutions

Argument	Description
iv_user	Provides the user name (short form) to the iv-user HTTP header of the request.
iv_user_l	Provides the full DN of the user (long form) to the iv-user-l HTTP header of the request.
iv_groups	Provides the user's list of groups to the iv-groups HTTP header of the request.
iv_creds	Provides the user's credential information to the iv-creds HTTP header of the request.
all	Provides identity information for iv-user, iv-groups, and iv-creds HTTP headers of the request.

ISAM HTTP headers	CGI HTTP headers	Description
iv-user	HTTP_IV_USER	The user name of the client (login ID). Defaults to "Unauthenticated" if client is unauthenticated (unknown).
iv-user-l	HTTP_IV_USER_L	The distinguished name (DN) of the client.
iv-groups	HTTP_IV_GROUPS	A list of groups to which the client belongs. Consists of comma separated quoted entries.
iv-creds	HTTP_IV_CREDS	Encoded opaque data structure representing an ISAM credential. Supplies credentials to remote servers so mid-tier applications can use the authorization API to call the authorization service. For more information, see Authorization C API Developer Reference.