Forwarding claims from a client to a Web service
You can set up the Ambient Data Framework to allow a client to include claims in a request sent to the Web service. This section explains how to do this.
- Claim forwarding mechanism
To forward Claims from a client to a server, serialize your Claims and include them in a client request. Some data type conversion may be needed after deserialization.
- Adding Claims to your client request
To add Claims to your client request, use the serializer offered by the Ambient Data Framework Java and .NET APIs, or create your own serializer, to turn your Claim(s) (URI-value pairs) into one or more cookies in JSON format on the client side. You then attach the JSON cookie(s) to the client's request yourself.
- JSON cookie format reference
A list of the items to be found in a JSON-formatted cookie, as produced by the (custom) serializer of Claims. This topic also explains how the various JSON values are deserialized on the receiving end.
- Configuring which claims the Web service accepts
Use the GloballyAcceptedClaims section in your Ambient Data Framework configuration to specify which Claims your Web service accepts. The Web service ignores all Claims that are not listed in this section.
- Configuring which accounts can send cookies with Claims
Configure the Web service that generates tokens to allow cookie forwarding for one, some or all user accounts.
- Configuring a whitelist of IP addresses from which cookies may be sent
A whitelist specifies IP addresses or ranges from which cookies are accepted even if authentication fails.
- Changing the default name of the cookie
Only if you have a pressing reason to do so, you can specify a name for the Claim cookie being forwarded from the client to the Web service. If you do not configure a name for your cookie, a cookie with the default name TAFContext is assumed.