Configuration of the external authentication interface trigger URL

Configuration of the external authentication interface trigger URL

The external authentication interface (EAI) authentication process supports multiple request-response exchanges. For efficiency and the security of the WebSEAL server, these exchanges are typically streamed through WebSEAL. WebSEAL intercepts this exchange only when there is an occurrence of a special trigger URL in a request. A trigger URL is a server-relative or absolute URL in the WebSEAL configuration file. The trigger URL usually requests authentication from the external authentication application. For example, the trigger URL might be the URL to the external authentication application in a special link on a customized login page. When WebSEAL detects the trigger URL in a request, it intercepts the corresponding response and examines it for authentication data in special HTTP headers.
Trigger URL strings

Can use standard wildcard patterns. Pattern matching is appropriate only for ASCII-based strings and it is not case-sensitive.
Must be in ASCII format if they use pattern-matching. The matching URLs in the requests must be in ASCII format.
Must be as specific as possible in the configured URL to limit the number of times that WebSEAL intercepts the request-response exchange.

Specify trigger URL strings in the trigger stanza entry in the [eai-trigger-urls] stanza of the WebSEAL configuration file.
Virtual host junctions

Match a trigger if their protocol, virtual host name, and port match the virtual host definition. The virtual host name matching is not case-sensitive.
Do not use regular WebSEAL junction triggers, such as the ones that do not match a virtual host definition. Regular WebSEAL junctions do not use virtual host junction triggers.

Junction type URL Corresponding trigger URL
standard http://webseal.example.com/eai-jct/login.asp?url=/return_authn_data.asp [eai-trigger-urls]
trigger = /eai-jct/login.asp*authn*
virtual host http://vhj.webseal.example.com/login.asp?url=/return_authn_data.asp [eai-trigger-urls]
trigger = http://vhj.webseal.example.com/login.asp*authn*

Parent topic: External authentication interface configuration

Junction type	URL	Corresponding trigger URL
standard	http://webseal.example.com/eai-jct/login.asp?url=/return_authn_data.asp	[eai-trigger-urls] trigger = /eai-jct/login.aspauthn
virtual host	http://vhj.webseal.example.com/login.asp?url=/return_authn_data.asp	[eai-trigger-urls] trigger = http://vhj.webseal.example.com/login.aspauthn