Remote response handling with local authentication

We can implement local response redirection without using the external authentication interface. In this case, the server response handling is performed remotely and authentication is handled locally by WebSEAL. For example, the remote response handler can serve a login page that requires a local WebSEAL authentication handler such as pkmslogin.form to implement the authentication process.

In this example, the login page served by the remote response handler contains a FORM tag with an ACTION attribute. The value of the ACTION attribute points to the location of the local WebSEAL authentication handler (pkmslogin.form). When the client submits the completed login form, the data is directed to this handler.

When WebSEAL receives a request for pkmslogin.form, it responds by invoking the appropriate authentication mechanism and passing the appropriate authentication data to this mechanism. The pkmslogin.form management page is a management command to the WebSEAL server. It is not represented in the object space and we cannot attach policies to it.

We can use the appropriate static HTML response pages provided by WebSEAL as templates for the custom pages. If necessary, edit the pages to customize the content for the environment. Ensure that all URLs are expressed to correctly satisfy the filtering rules of WebSEAL.

• Junction filtering issues for the ACTION URL
  

Parent topic: Local response redirection