NAME
    Catalyst::Authentication::Credential::Upstream::Headers

SYNOPSIS
     use Catalyst qw(Authentication);

     __PACKAGE__->config(
         authentication => {
             default_realm => 'upstream',
             realms => {
                 upstream => {
                     credential => {
                         class => 'Upstream::Headers',
                         user_header => 'X-Header-Containing-Username',
                         role_header => 'X-Header-Containing-Comma-Separated-List-Of-Roles'
                     }
                 }
             }
         }
     );

DESCRIPTION
    This authentication credential for Catalyst::Plugin::Authentication was
    originally implemented to support OpenAM in a way that fit into the
    framework provided by C::P::A.

    OpenAM (formerly Sun's OpenSSO) is a federated identity management
    platform. It is a complex product supporting SAML and integration with
    Microsoft's Active Directory. OpenAM provides authentication and
    authorization services to web applications by utilizing agents that run
    in front of the application. The agents are implemented as plugins for
    popular HTTP servers, injecting logic into the request handler and
    applying policy based upon upstream configuration.

    One of the methods of passing identity information back down to the
    application is by including the information in the request headers. This
    is similar in scope to the Credential::Remote implementation, but using
    headers instead of environment variables.

CAVEATS
    * I really hope I don't have to say it, but don't let users bypass your
      authentication mechanisms by passing the headers themselves.

    * This is a pretty crappy way of passing identity metadata around.

AUTHOR
    Mike Eldridge <diz@cpan.org>

COPYRIGHT AND LICENSE
    This software is copyright (c) 2012 by Infinity Interactive, Inc.

    This is free software; you can redistribute it and/or modify it under
    the same terms as the Perl 5 programming language system itself.