Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

USER_CHAIN is a HTTP Header, as you have listed,

“USER_CHAIN” is the standard name for the Property Tag


The format is a comma delimited set of entries:

<ENTRY1>,<ENTRY2>…


Within each ENTRY, there are at least 3, but up to 4 fields delimited by colon ‘:’

Field 1: FQI (Fully Qualified Identity)

Field 2: Component name (Component isn’t an official entry in NS, but should start with NS).  It is primarily for logging.   

Field 3: Protocol (BAth, OAth and x509 are best practice)

Field 4 (Optional): Request (If Field 3 exists, and is “AS”, then the calling services is requesting that the Identity be treated as the official Identity


example

USER_CHAIN=m99999@myapp.onap.org:org.onap.myapp.gui:x509:AS,m00000@something.onap.org:org.onap.myapp.entrypoint:BAth


 Note: The app itself may not choose to honor the “AS” request, because it is up to the App to decide which incoming Apps it actually trusts to do correct Authentication.


If using CADI, set the “cadi_trust_perm” value with the Permission which THE APP WILL GRANT trust.


Example:

Where "org.onap.myapp" is the NS of the group adding.

cadi_trust_perm=org.onap.myapp.mytrust|org.onap|trust


APP B, having set this perm, can then grant this perm to the APP A if it chooses to trust the “AS” request on the first entry.

  

  • No labels