After the G2O configuration is applied on the MSL Origin side, the corresponding G2O setting—specifically the addition of the X-Akamai-G2O-Auth-Data and X-Akamai-G2O-Auth-Sign headers—needs to be configured on the CDN side.

For the Akamai CDN, follow these steps in the Akamai AMD UI. There are two possible workflows for G2O authentications in AMD, Akamai Signature Header Authentication or Signature Header Authentication.

Akamai Signature Header Authentication

Akamai Signature Header Authentication is required when configuring AMD with the new rule format.

1. Navigate to Origin Characteristics.
2. Set the Authentication Method to "Akamai Signature Header Authentication".

• Encrypted Algorithm Version. SHA256-HMAC
• Signed String Type. Default (Forward URL)
• Secret Key. Match this with the "Key" value configured in the MSL5 Origin shared key.
• Nonce. Match this with the "Name" value configured in the MSL5 Origin shared key.

📘

For MSL5 Origin shared key configurations, refer to Authentication Mechanisms for details.

Signature Header Authentication

Signature Header Authentication is required when configuring AMD with the old rule format. If your AMD uses the old rule format, the above "Akamai Signature Header Authentication" is unavailable for selection.

1. Navigate to the Signature Header Authentication section.

📘

This configuration is not needed if you have already configured "Akamai Signature Header Authentication".

• Clear Data Header Name. X-Akamai-G2O-Auth-Data
• Encrypted Data Header Name**. X-Akamai-G2O-Auth-Sign
• Encrypted Algorithm Version. SHA256-HMAC
• Signed String Type. Default (Forward URL)
• Secret Key. Match this with the "Key" value configured in the MSL5 Origin shared key.
• Nonce. Match this with the "Name" value configured in the MSL5 Origin shared key.

2. In addition to the above configuration on "Signature Header Authentication", configure the following Origin Server settings.

• Origin Type. Refer to "Your Origin".
• Forward Host Header. Refer to the "Origin Hostname".