External authentication interface - authentication flags

External authentication interface - authentication flags

When an EAI application performs a successful authentication, it constructs and returns the response to a trigger URL. WebSEAL detects this authentication information in the trigger URL response. We can provide authentication flags with this response to help control the authentication processing by WebSEAL.
These authentication flags are contained in the HTTP header. Use the eai-flags-header stanza entry in the [eai] stanza of the WebSEAL configuration file to specify name of the flags header.
WebSEAL supports the following flags:

stream

By default, WebSEAL replaces the EAI-generated response with a WebSEAL-generated response for the authentication operation. We can override this default behavior and configure WebSEAL to stream the EAI-generated response back to the client. That is, after a successful EAI authentication, WebSEAL can strip the EAI-specific headers from the response and stream it back to the client.
To achieve this EAI response streaming, the flags header must contain the stream flag.

Example EAI flags header:
am-eai-flags: stream

The eai-flags-header configuration entry specifies the name of the HTTP header containing the flags. For example:
[eai] eai-flags-header = am-eai-flags

Parent topic: How to write an external authentication application