Authentication information mapping to WebSEAL

Authentication information mapping

The following example illustrates how the user registry provides authentication information to WebSEAL.
If user Michael wants to run the travel-app application resource, WebSEAL asks the user registry server for Michael's authentication information. See the Global sign-on overview section for details.
The user registry server maintains a complete database of authentication information in the form of mappings of resources to specific authentication information. The authentication information is a user name and password combination known as a resource credential. Resource credentials can be created only for registered users.
The registry contains a database for Michael that maps the resource travel-app to a specific resource credential. The following table illustrates the structure of the GSO resource credential database:
Michael Paul

resource: travel-app
      username=mike
      password=123 resource: travel-app
username=bundy
password=abc

resource: payroll-app
      username=powell
      password=456 resource: payroll-app
username=jensen
password=xyz

In this example, the registry returns user name "mike" and password "123" to WebSEAL. WebSEAL uses this information when it constructs the Basic Authentication header in the request sent across the junction to the back-end server.
Parent topic: Single Sign-on Solutions

Michael	Paul
resource: travel-app username=mike password=123	resource: travel-app username=bundy password=abc
resource: payroll-app username=powell password=456	resource: payroll-app username=jensen password=xyz