13.3 Customizing the Authorization Header

Using the iChain OLAC feature, you can customize the authorization header as described below.

By default, iChain puts the fully qualified distinguished name (DN) and the user-entered password in the authorization header. However, administrators might want to change the content of this header by changing the value of the username or password. This customization might be required because some Web servers (Microsoft IIS) require the common name (CN) instead of the DN as the username.

For a particular protected resource, you can define special OLAC parameters, such as ICHAIN_UID and ICHAIN_PWD, to change the values of the authorization header. The values returned by OLAC will be placed in the authorization header as username and password, respectively.

For example, if you define the ICHAIN_UID=CN and ICHAIN_PWD=SSN OLAC parameters for a protected resource, OLAC returns the values of the CN and SSN attributes of the logged-in user. iChain uses these values as the username and password to construct the authorization header and sends it to the Web server.

Both of these parameters are optional. If only one parameter is defined, such as ICHAIN_UID=CN, the other value is filled in according to the default behavior, such as the password provided by the user via Forward Authorization.

IMPORTANT: If you have defined these special parameters and either OLAC is not enabled or the value of the given attribute is NULL, iChain passes NULL in the authentication header.

If you define values for ICHAIN_UID or ICHAIN_PWD, the value you set for the Forward Authorization Information to Web Server option is ignored. A basic authentication header is always sent. For more information about this option, see Add Authentication Profiles Dialog Box.
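
The following added example (not iChain code and not part of the original documentation) models the selection rules above and decodes the resulting Basic header, showing exactly which directory values reach the Web server in recoverable form. The function names, the sample user, and the representation of NULL as an empty string are assumptions made for illustration.

```python
import base64

def build_authorization_header(olac_params, user_attrs, user_dn,
                               entered_password, olac_enabled=True):
    """Model of the behavior described above; not iChain's own code."""
    def resolve(param, default):
        attr_name = olac_params.get(param)
        if attr_name is None:
            return default      # parameter not defined: default behavior applies
        if not olac_enabled:
            return ""           # assumption: NULL is modeled as an empty string
        value = user_attrs.get(attr_name)
        return "" if value is None else value

    username = resolve("ICHAIN_UID", user_dn)
    password = resolve("ICHAIN_PWD", entered_password)
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def decode_authorization_header(header):
    """Recover what the Web server, or any log that stores the header, sees."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    username, _, password = decoded.partition(":")
    return username, password

# Constructed sample user; these values are illustrative only.
USER_DN = "cn=jsmith,ou=sales,o=example"
USER_ATTRS = {"CN": "jsmith", "SSN": "000-00-0000"}
ENTERED_PASSWORD = "entered-secret"

def demo():
    cases = {
        "no OLAC parameters": {},
        "ICHAIN_UID only": {"ICHAIN_UID": "CN"},
        "ICHAIN_UID and ICHAIN_PWD": {"ICHAIN_UID": "CN", "ICHAIN_PWD": "SSN"},
    }
    results = {}
    for label, params in cases.items():
        header = build_authorization_header(params, USER_ATTRS, USER_DN, ENTERED_PASSWORD)
        results[label] = decode_authorization_header(header)
    return results

if __name__ == "__main__":
    for label, (user, pwd) in demo().items():
        print(f"{label}: username={user!r} password={pwd!r}")
```

Because Basic credentials are only base64-encoded, any attribute mapped to ICHAIN_PWD is readable by the Web server and by anything that records the request header.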