IP levels for credential attributes

Network information can be stored as an extended attribute in a user's credential. We can control the amount of network information stored in a credential by specifying the required IP level.

There are different format structures available to hold IPv4 and IPv6 information. Adding attributes to credentials can affect WebSEAL performance.

The following values are available in the ip-support-level stanza entry in the [server] stanza of the WebSEAL configuration file.

• displaced-only

  WebSEAL generates the IPv4 attribute only when it builds user credentials and when authenticating users through external authentication C API modules.

  This value is the default for migrated WebSEAL installations (ipv6-support=no):

  [server]
  ip-support-level = displaced-only

  This value is not permitted when ipv6-support=yes.

• generic-only

  WebSEAL generates new generic attributes that support both IPv4 and IPv6 only when it builds user credentials and when authenticating users through external authentication C API modules.

  This value is the default for new WebSEAL installations (ipv6-support=yes):

  [server]
  ip-support-level = generic-only

displaced-and-generic

Both sets of attribute types (produced by displaced-only and generic-only) are used when it builds user credentials and when authenticating users through external authentication C API modules.

[server]
ip-support-level = displaced-and-generic

Parent topic: Web server configuration

Related concepts

• Content caching
• Communication protocol configuration
• IPv4 and IPv6 overview
• IPv6: Compatibility support
• LDAP directory server configuration
• WebSEAL worker thread configuration
• WebSEAL worker threads
• Global allocation of worker threads for junctions
• Per-junction allocation of worker threads for junctions
• HTTP data compression
• WebSEAL data handling by using UTF-8
• UTF-8 dependency on user registry configuration
• UTF-8 data conversion issues
• UTF-8 impact on authentication
• UTF-8 impact on authorization (dynamic URL)
• Encoding type usage
• UTF-8 support for uniform resource locators
• UTF-8 support in POST body information (forms)
• UTF-8 support in query strings
• UTF-8 encoding of tokens for cross domain single signon
• UTF-8 encoding of tokens for e-community single signon
• UTF-8 encoding of cookies for failover authentication
• UTF-8 encoding of cookies for LTPA authentication
• UTF-8 encoding in junction requests
• Validation of character encoding in request data
• Set system environment variables
• Cross-Origin Resource Sharing (CORS) Support

Related tasks

• Specify the WebSEAL host name
• Modify the configuration file settings
• Configure WebSEAL for IPv6 and IPv4 requests

Related reference

• IPv6: Upgrade notes
• Allocation view of worker threads for junctions
• Supported wildcard pattern matching characters