From 1c0197b835c3eec6ce8324e20d1b167353baf533 Mon Sep 17 00:00:00 2001
From: Felix Dittrich <31076102+f11h@users.noreply.github.com>
Date: Wed, 2 Sep 2020 15:03:19 +0200
Subject: [PATCH] Updated documentation for load balancer request headers.
 (#88)

---
 docs/software-design-federation-gateway-service.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/software-design-federation-gateway-service.md b/docs/software-design-federation-gateway-service.md
index f8086e85..a4016243 100644
--- a/docs/software-design-federation-gateway-service.md
+++ b/docs/software-design-federation-gateway-service.md
@@ -263,8 +263,8 @@ As shown in the figure below, the Federation Gateway (FG) Load Balancer authenti
 
 | HTTP Header         | Description |
 |---------------------|-------------|
-| X-SSL-Client-SHA256 |	SHA-256 hash value of the DER encoded client's certificate. The so-called certificate fingerprint or thumbprint. (hex, lowercase, without colon)                         |
-| X-SSL-Client-DN	  | The subject Distinguished Name (DN) of the client's certificate (see [RFC 5280](https://tools.ietf.org/html/rfc5280#page-23) and [RFC 1719](https://tools.ietf.org/html/rfc1779#page-6)). The DN MUST contain the Country (C) attribute.  |
+| X-SSL-Client-SHA256 |	SHA-256 hash value of the DER encoded client's certificate. The so-called certificate fingerprint or thumbprint. (base64 encoded bytes, not base64 encoded hexadecimal string representation) |
+| X-SSL-Client-DN	  | The subject Distinguished Name (DN) of the client's certificate (see [RFC 5280](https://tools.ietf.org/html/rfc5280#page-23) and [RFC 1719](https://tools.ietf.org/html/rfc1779#page-6)). The DN MUST contain the Country (C) attribute. (it is possible to transmit DN string URL encoded) |
 
 ### 2.2. Federation Gateway Service