Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »


 

USER_CHAIN is a HTTP Header, as you have listed,

“USER_CHAIN” is our standard for AAF at AT&T.

 

The format is a comma delimited set of entries:

<ENTRY1>,<ENTRY2>…

 

Within each Entry, there are at least 2, but up to 4 fields delimited by colon ‘:’

Field 1: FQI (Fully Qualified Identity)

Field 2: Component name (Component isn’t an official entry in NS, but should start with NS).  It is primarily for logging.   

Field 3: Protocol (BAth, OAth and x509 are valid)

Field 4 (Optional): Request (If Field 3 exists, and is “AS”, then the calling services is requesting that the Identity be treated as the official Identity

 

example

USER_CHAIN=m99999@myapp.onap.org:org.onap.myapp.gui:x509:AS,m00000@something.onap.org:org.onap.myapp.entrypoint:BAth

 

 Note: The app itself may not choose to honor the “AS” request, because it is up to the App to decide which incoming Apps it actually trusts to do correct Authentication.

 

If using CADI, set the “cadi_trust_perm” value with the Permission which THE APP WILL GRANT trust.

 

Example:

Where "org.onap.myapp" is the NS of the group adding.

cadi_trust_perm=org.onap.myapp.mytrust|org.onap|trust

 

APP B, having set this perm, can then grant this perm to the APP A if it chooses to trust the “AS” request on the first entry.

  

  • No labels