Manualshelf

HP e-Commerce / XML director server appliance sa8250 - Users Guide

ManualsBrandsHP ManualsServerHP e-Commerce/XML Director sa8250
51525354555657585960
C H A P T E R 2 HP e-Commerce/XML Director Server Appliance SA8250 User Guide
40
HTTP Header Option Fields
The SA8250 can make the IP address of a requesting client available
to a fulfillment server by constructing a custom HTTP header option,
with the clients IP as the value:
HP_SOURCE_IP:<client-IP>
SSL-related HTTP header option fields are only used by the SA8250
with any SSL service. The HP_CIPHER_USED header option is
used whenever HP_SOURCE_IP is used, to provide the name of the
SSL-cipher negotiated between the SA8250 and the client:
HP_CIPHER_USED:<ssl-cipher>
These two header fields are used only by the SA8250 when client
authentication is in use:
HP_CLIENT_CERTIFICATE:<client-certificate>
HP_SESSION_ID: <SSL-session-ID>
Because a client certificate contains information useful for client/user
authorization, the SA8250 inserts the client certificate in the request
header before sending the request to the server. The server can then
extract the certificate from the request header and use it for
authorization or other purposes.
The client certificate is inserted in the request header only once per
session. Requests following the initial request will be sent to the
server with only the SSL-session-id in the header. The SSL-session-
id is unique for each session and allows the server to work with
multiple sessions. The client certificate is inserted in the request
header with a new SSL-session-id only when the client certificate has
been re-negotiated between the SA8250 and the client:
New Session/Initial Request: The SA8250 sends both the
HP_CLIENT_CERTIFICATE and HP_SESSION_ID header
options.
Existing Session/Subsequent Requests: The SA8250 sends
only the HP_SESSION_ID header option.
The use of header option fields is an efficient way of supplying
information to the server about the client. To ease the use of this
important feature, the SA8250 allows customization of all the above
header option field names. For more information, see Chapter 5.