Default Headers and Cookies App Gateway Adds to the Request

By Default App Gateway adds header variables and cookies to any request forwarded to a protected enterprise applications. The following is a list of these headers and cookies and their respective values.

Headers

Header Name	Description	Authentication Method Usage
idcs_service_url	The value of this header is your Oracle Identity Cloud Service's base URL. For example, `https://idcs-tenant.identity.oraclecloud.com`	Used by all authentication method.
idcs_cloudgate_id	The Client ID value for the App Gateway registered in Oracle Identity Cloud Service.	Used by all authentication method.
idcs_client_id	The Client ID value for the App Gateway registered in Oracle Identity Cloud Service.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by Anonymous or Public authentication methods.
idcs_authn_method	The authentication method configured in the enterprise application's authentication policy. Value depending on the authentication method used: If resource is protected by Anonymous authentication method, then value is `anonymous`. If resource is protected by Form or Access Token authentication method, then value is `oauth`. If resource is protected by Basic Auth or Basic Auth+ Session authentication methods, then value is `http`. If resource is protected by Multitoken authentication method, then value is `multitoken`. If resource is protected by Multitoken+Fallthrough authentication method, then value is `multitoken` or `fallthrough` depending if the authorization header is a known value or not.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by any authentication method except Public.
idcs_authn_strength	Identifies if the user authentication has happened in 1 or 2 steps. If the user has signed in with Oracle Identity Cloud Service using their credentials only, then the authentication strenght is `1`. If the user has signed in using multi-factor authentication, then authentication level is `2`.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by any authentication method except Public and Anonymous.
remote_user	Username of the user signed in to Oracle Identity Cloud Service. If the resource is protected by Anonymous authentication method, then the value of this header is `anonymous`.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by any authentication method except Public.
idcs_remote_user	Username of the user signed in to Oracle Identity Cloud Service. If the resource is protected by Anonymous authentication method, then the value of this header is `anonymous`.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by any authentication method except Public.
idcs_remote_user_mappingattr	The Oracle Identity Cloud Service user schema attribute used to identify the signed in user. For example, `userName`.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by any authentication method except Public and Anonymous.
idcs_session_id	The session ID value Oracle Identity Cloud Service creates after user signs in.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by Form or Access Token or Basic Auth+ Session authentication method.
idcs_user_assertion	Value of the identity token issued by Oracle Identity Cloud Service.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by Form or Access Token authentication method.
idcs_user_display_name	Value of the `displayname` attribute of the user signed in with Oracle Identity Cloud Service.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by any authentication method except Public and Anonymous.
idcs_user_id	Value of the unique identifier attribute of the user signed in with Oracle Identity Cloud Service.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by any authentication method except Public and Anonymous.
idcs_user_tenant_name	Oracle Identity Cloud Service tenant name.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by any authentication method except Public and Anonymous.

Cookie Name Description Authentication Method Usage

Cookie Name	Description	Authentication Method Usage
ORA_OCIS_CG_SESSION_<idcs-tenant>_<aapgateway_host>	After the user authenticates with Oracle Identity Cloud Service, App Gateway sets this cookie to the request forwared to the application. The cookie name is composed by `ORA_OCIS_CG_SESSION` prefix, concatenated with Oracle Identity Cloud Service's tenant name, and sufixed with the App Gateway's Host value.	App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by Form or Access Token authentication method.

ORA_OCIS_CG_SESSION_<idcs-tenant>_<aapgateway_host>

After the user authenticates with Oracle Identity Cloud Service, App Gateway sets this cookie to the request forwared to the application.

The cookie name is composed by ORA_OCIS_CG_SESSION prefix, concatenated with Oracle Identity Cloud Service's tenant name, and sufixed with the App Gateway's Host value.

App Gateway adds this header to the request forwarded to the enterprise application if the resource is protected by Form or Access Token authentication method.