Junction header preservation

WebSEAL enables us to specify whether P3P headers from junctioned applications are preserved or replaced. Note that this is not part of the P3P compact policy, but is a WebSEAL function.

The configuration file entry is:

[p3p-header]
preserve-p3p-policy = {yes|no}

The default setting is "no". This means that P3P headers from junctioned servers are replaced.

WebSEAL replaces back-end P3P policy headers by default to ensure that WebSEAL cookies are not excluded due to a more strict policy set by the back-end server.

When using the default setting, we might find that cookies the back-end server sets are not allowed due to the WebSEAL compact policy. In this case, you should choose one of the following options:

• Set preserve-p3p-policy = yes to force WebSEAL to preserve the compact policy set by the back-end server.

• Modify the WebSEAL compact policy header to make the policy more permissive, so that back-end cookies are allowed.

When WebSEAL processes responses from back-end servers, WebSEAL's actions can include the addition of a cookie to the response. This addition occurs when the WebSEAL junction has been created to generate junction cookies. These cookies are used to map URLs across junctions, to ensure connectivity between the browser and the back-end server. When the administrator chooses to preserve the compact policy set by the back-end server (preserve-p3p-policy = yes), the administrator must ensure the compact policy is permissive enough to accept the addition of the WebSEAL junction cookie. When the compact policy forbids the addition of the junction cookie, the URL requests from the browser will not successfully resolve to the URLs on the back-end server.

Parent topic: Platform for Privacy Preferences (P3P)