Login page and macro support with external authentication interface

The WebSEAL login pages can be modified to cause a redirection to the external authentication interface server to perform the authentication, or to contain a link (or button) that a user can click to initiate the authentication exchange with the external authentication interface server. This modified login page is required if we enable reauthentication or step-up to external authentication interface. An external authentication interface-specific macro (%EAIAUTHN%) is used to selectively add or mask sections from the certlogin.html and stepuplogin.html login forms. When the authentication method (indicated by the macro name) is valid, the section in the form governed by the macro is displayed. When the authentication method is not valid, the macro is replaced by a start comment delimiter (<!--). All subsequent information in the form is commented out until a comment closing delimiter (-->) is reached.

To facilitate the passing of the required authentication level for step-up as an argument in a query string, WebSEAL passes another macro (%AUTHNLEVEL%) to the stepuplogin.html login form. Neither of these macros are present in the default login forms. The macros must be manually added.

We can also implement local response redirection to handle server responses to client requests.

Parent topic: Use of external authentication interface with existing WebSEAL features