AuthenticationHeaderProvider (SAP HANA Cloud Platform SDK)

```
public interface AuthenticationHeaderProvider
```
The AuthenticationHeaderProvider provided methods for generation of authentication headers for access to on-premise systems and applications deployed on the same HCP landscape.
Web applications can access AuthenticationHeaderProvider via JNDI lookup or resource injection.

Method Summary

Methods
Modifier and Type	Method and Description
`AuthenticationHeader`	`getAppToAppSSOHeader(String requestURL)` Generates authentication header for SSO with other applications on the same landscape.
`AuthenticationHeader`	`getApptoAppSSOHeader(String requestURL, DestinationConfiguration desitnation)` Generates authentication header for SSO with other applications or systems.
`List<AuthenticationHeader>`	`getOAuth2SAMLBearerAssertionHeaders(DestinationConfiguration destinationConfiguration)` Generates authentication headers for OAuth2SAMLBearerAssertion destination. OAuth access token will be generated for destinations with authentication type OAuth2SAMLBearerAssertion in order OAuth-protected resources to be consumed.
`AuthenticationHeader`	`getPrincipalPropagationHeader()` Generates header for principal propagation to on-premise systems.
`AuthenticationHeader`	`getSAPAssertionHeader(DestinationConfiguration destinationConfiguration)` Generates authentication header for SAPAssertionSSO destination. SAP assertion ticket will be generated for destinations with authentication type SAPAssertionSSO in order to propagate the currently logged on user to a SAP back-end system.

- Method Detail
  - getAppToAppSSOHeader
```
AuthenticationHeader getAppToAppSSOHeader(String requestURL)
```
    Generates authentication header for SSO with other applications on the same landscape. Generated header can be used only once and only for the specified request URL.
    SSO Header is valid only between applications which are working on behalf of one and the same account for which SSO is allowed.
    There are three prerequisites for using application-to-application SSO:
    - Both applications should work on behalf of the same account
    - Principal Propagation must be enabled for the account
    - The receiving application must use SAML2 authentication
    Before adding this header ensure that there is no other header with the same name injected in the request. The name of AppToAppSSOHeader can be accessed via AuthenticationHeader.getName().
    Parameters:
    requestURL - the URL for which the generated headers will be used.
    
    Returns:
    Authentication header which can be used for SSO with other applications on the same landscape.
  - getApptoAppSSOHeader
```
AuthenticationHeader getApptoAppSSOHeader(String requestURL,
                                        DestinationConfiguration desitnation)
```
    Generates authentication header for SSO with other applications or systems. Generated header can be used only once and only for the specified request URL.
    This method allows for example changing the audience attribute of the issued SAML2 assertion so that it can be sent to applications or systems outside of the current account.
    If the passed DestinationConfiguration has an attribute with name saml2_audience then its value will be set as the audience attribute of the issued SAML2 assertion. If not then calling this method will have return the same value as calling getAppToAppSSOHeader(String).
    
    There are three prerequisites for using application-to-application SSO:
    - The receiving system or application must use SAML2 authentication
    - The local configuration should be added as trusted SAML IDP in the receiving system or application
    - Principal Propagation must be enabled for the sending account
    Before adding this header ensure that there is no other header with the same name injected in the request. The name of AppToAppSSOHeader can be accessed via AuthenticationHeader.getName().
    Parameters:
    requestURL - the URL for which the generated headers will be used.
    desitnation - the destination configuration
    
    Returns:
    Authentication header which can be used for SSO with other systems that trust the local configuration of the account.
  - getPrincipalPropagationHeader
```
AuthenticationHeader getPrincipalPropagationHeader()
```
    Generates header for principal propagation to on-premise systems.
    
    Returns:
    Authentication header which can be used for principal propagation to on-premise systems.
  - getSAPAssertionHeader
```
AuthenticationHeader getSAPAssertionHeader(DestinationConfiguration destinationConfiguration)
```
    Generates authentication header for SAPAssertionSSO destination.
    SAP assertion ticket will be generated for destinations with authentication type SAPAssertionSSO in order to propagate the currently logged on user to a SAP back-end system. Note that generation of such assertion ticket is CPU intensive operation and should be generated only once per user session.
    Before adding this header ensure that there is no other header with the same name injected in the request. The name of SAPAssertionHeader can be accessed via AuthenticationHeader.getName().
    
    Parameters:
    destinationConfiguration - the SAPAssertionSSO destination for which an authentication header will be generated.
    
    Returns:
    the generated authentication header.
    
    Throws:
    
    IllegalArgumentException - when configuration properties are not well configured or authentication type is not SAPAssertionSSO.
  - getOAuth2SAMLBearerAssertionHeaders
```
List<AuthenticationHeader> getOAuth2SAMLBearerAssertionHeaders(DestinationConfiguration destinationConfiguration)
```
    Generates authentication headers for OAuth2SAMLBearerAssertion destination.
    OAuth access token will be generated for destinations with authentication type OAuth2SAMLBearerAssertion in order OAuth-protected resources to be consumed. The generation of access tokens is time consuming operation. To avoid this issue there is a build-in user<->token cache which takes care to auto-renovate tokens before they expire, i.e when a token is about to expire, a new token is created shortly before the expiration of the old one.
    
    Parameters:
    destinationConfiguration - the OAuth2SAMLBearerAssertion destination for which authentication headers will be generated.
    
    Returns:
    the generated authentication headers.
    
    Throws:
    
    IllegalArgumentException - when configuration properties are not well configured or authentication type is not OAuth2SAMLBearerAssertion.

Interface AuthenticationHeaderProvider

Method Summary

Method Detail

getAppToAppSSOHeader

getApptoAppSSOHeader

getPrincipalPropagationHeader

getSAPAssertionHeader

getOAuth2SAMLBearerAssertionHeaders