Client identity in HTTP headers (–c)

Use the –c junction option to insert client identity, group membership, and credential information specific to Security Access Manager. You can insert the information into the HTTP headers of requests that are destined for junctioned third-party application servers.

This HTTP header information enables applications on junctioned third-party servers to do user-specific actions (such as single signon) based on the client's Security Access Manager identity.

HTTP header information must be transformed to environment variable format for use by a service on the back-end server. To support CGI programming, header information is transformed into a CGI environment variable format. It is transformed by replacing all dashes (-) with underscores (_) and prepending HTTP to the beginning of the header string. The Security Access Manager HTTP header entries are available to CGI programs as the environment variables HTTP_IV_USER, HTTP_IV_USER_L, HTTP_IV_GROUPS, and HTTP_IV_CREDS.

For other application framework products, refer to the appropriate product documentation for instructions on extracting headers from HTTP requests.

HTTP Headers specific to Security Access Manager	CGI Environment Variable Headers	Description
iv-user	HTTP_IV_USER	The user name of the client (login ID). Defaults to "Unauthenticated" if client is unauthenticated (unknown).
iv-user-l	HTTP_IV_USER_L	The distinguished name (DN) of the client.
iv-groups	HTTP_IV_GROUPS	A list of groups to which the client belongs. Consists of comma separated quoted entries.
iv-creds	HTTP_IV_CREDS	Encoded opaque data structure that represents an Security Access Manager credential. Supplies credentials to remote servers so mid-tier applications can use the authorization API to call the authorization service. See Authorization C API Developer Reference.

The –c option to the junction create command (see Command option summary: standard junctions) specifies what Security Access Manager HTTP header data is sent across a junction to the back-end application server:

-c header-types

The header-types arguments:

Argument	Description
iv_user	Provides the user name (short form) to the iv-user HTTP header of the request.
iv_user_l	Provides the full DN of the user (long form) to the iv-user-l HTTP header of the request.
iv_groups	Provides the user's list of groups to the iv-groups HTTP header of the request.
iv_creds	Provides the user's credential information to the iv-creds HTTP header of the request.
all	Provides identity information for iv-user, iv-groups, and iv-creds HTTP headers of the request.

The –c option is also supported on virtual host junctions.