Authenticated and unauthenticated access to resources
In an ISAM environment, the identity of a user is proven to WebSEAL through the process of authentication. However, WebSEAL can accept requests from both authenticated and unauthenticated users over HTTP and HTTPS. WebSEAL then relies on the authorization service to enforce security policy by permitting or denying access to protected resources. In general, a user can participate in the secure domain as authenticated or unauthenticated.
In either case, the ISAM authorization service requires a user credential to make authorization decisions on requests for resources in the secure domain. WebSEAL handles authenticated user credentials differently from unauthenticated user credentials.
The credential for an unauthenticated user is a generic passport that allows the user to participate in the secure domain and access resources available to unauthenticated users.
The credential for an authenticated user is a unique passport that describes a specific user who belongs to the ISAM user registry. The authenticated user credential contains the user identity, any group memberships, and any special extended security attributes.
- Request process for authenticated users
- Request process for unauthenticated users
- Access conditions over SSL
- Forcing user login
- Use of unauthenticated HTTPS