H+H Software GmbH

The HAN knowledge base

The HAN knowledge base helps you with smaller problems.


HAN header authentication

HAN 5 offers header authentication as an additional e-script property.

Configure this setting only if requested by HAN Support or the provider!

The idea behind header authentication is that HAN can send unique information to providers that makes the use of resources by customers and their end users transparent. The header option also serves as an additional option for access differentiation and authentication.

The information to be sent can be determined in consultation with the provider. For security reasons, you can use a hash to protect the sent values from external changes. A salt is defined for this, which is only known to the provider and the HAN server. The individual values are:

  • S: FQDN of the HAN server
  • U: Hash of the user currently logged on to HAN (the name can also be sent in clear text in consultation with the customer)
  • T: Time stamp (UTC); the format is year, month, day, hour, minute, seconds
  • H: Hash over a salt (determined by both sides) and the header variables used. SHA1 or MD5 can be used. The value is generated as follows: Hash(Salt+S=X&U=Y&T=Z)

In addition, the HAN server can indicate, in a separate header or as a further variable, whether the access took place internally or externally. For this purpose, HAN stores which IP addresses are considered internal.

The header can be sent in plain text or Base64 encoded. The name of the header is also freely configurable.

An example of such a header could be:

X-HANAuth: S=handemo.hh-software.com&U=%7BSHA%7DEsCoJc%2F7Y9QI2uqbmY%2FA0HYPc3E%3D&T=20190130145612&H=%7BSHA%7DSHUyCaDxGLsH9W1G0zWbNk2VIVI%3D
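The following is an added example, not H+H's code, of how a provider could check such a header: it rebuilds Hash(Salt+S=X&U=Y&T=Z) with SHA1 and compares the result to H in constant time. Assumptions not stated on this page: the hash covers the values before URL encoding, only S, U, T and H are sent, T is accepted within 5 minutes, and all function names and sample values are made up for the example.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, unquote

FIELDS = ("S", "U", "T", "H")

def han_hash(salt, s, u, t):
    # Hash(Salt+S=X&U=Y&T=Z) with SHA1, rendered as "{SHA}" + Base64 like the
    # sample header. Assumption: the hash covers the values before URL encoding.
    digest = hashlib.sha1(f"{salt}S={s}&U={u}&T={t}".encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def build_header(salt, s, u, when):
    # Sending side: what a HAN server would emit under the assumptions above.
    t = when.strftime("%Y%m%d%H%M%S")
    values = (s, u, t, han_hash(salt, s, u, t))
    return "&".join(f"{k}={quote(v, safe='')}" for k, v in zip(FIELDS, values))

def verify_header(value, salt, now, max_age=timedelta(minutes=5)):
    # Provider side: return the decoded fields, or None if any check fails.
    fields = {}
    for part in value.split("&"):
        key, sep, raw = part.partition("=")
        if not sep or key not in FIELDS or key in fields:
            return None  # malformed, unknown or repeated variable
        fields[key] = unquote(raw)
    if len(fields) != len(FIELDS):
        return None  # a variable is missing
    t = fields["T"]
    if len(t) != 14 or not (t.isascii() and t.isdigit()):
        return None
    try:
        sent = datetime.strptime(t, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    if abs(now - sent) > max_age:
        return None  # stale or future-dated: limits reuse of a captured header
    expected = han_hash(salt, fields["S"], fields["U"], t)
    if not hmac.compare_digest(expected.encode(), fields["H"].encode()):
        return None  # S, U or T was changed, or the salt does not match
    return fields

# Constructed sample values, not real HAN data.
SALT = "constructed-demo-salt"
NOW = datetime(2019, 1, 30, 14, 57, 0, tzinfo=timezone.utc)
SAMPLE = build_header(SALT, "han.example.org", "alice", NOW - timedelta(seconds=48))
```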

If you are interested, please contact H + H, who will put you in contact with the provider. A list of providers which already support this will be available shortly.