Valid session data types and authentication methods
Different session data types and authentication methods are valid depending on whether the session is for a Multiplexing proxy agent (MPA) or a client.
The following table lists the valid session types for the MPA and the client:

| Session Types | MPA-to-WebSEAL | Client-to-WebSEAL |
| --- | --- | --- |
| SSL Session ID | Yes | Not valid |
| HTTP Header | Yes | Yes |
| IP Address | Yes | Not valid |
| Session Cookie | Yes | Yes |

The session data type used by the MPA to WebSEAL must be distinct from the session data type used by the client to WebSEAL. As an example, if the MPA uses a session cookie for the session data type, the client must use the HTTP Header session data type.
- The client cannot use an SSL session ID as the session data type.
- If MPA support is enabled, the function of ssl-id-sessions changes. Normally, if ssl-id-sessions = yes, only the SSL session ID is used to maintain sessions for HTTPS clients. To allow the MPA to maintain a session with an SSL session ID and have clients maintain sessions using another method, this restriction is removed. See also Valid session key data types.
The following table lists the valid authentication methods for the MPA and the client:

| Authentication Types | MPA-to-WebSEAL | Client-to-WebSEAL |
| --- | --- | --- |
| Basic authentication | Yes | Yes |
| Forms authentication | Yes | Yes |
| Certificate | Yes | Not valid |
| External authentication interface | Yes | Not valid |

The authentication method used by the MPA to WebSEAL must be distinct from the authentication method used by the client to WebSEAL. As an example, if the MPA uses basic authentication, the client must use forms authentication.
- Certificates and external authentication interface authentication methods are not valid for use by the client.
- Normally, if forms authentication is enabled for a particular transport, basic authentication is automatically disabled for that transport. If MPA support is enabled, this restriction is removed. For example, the MPA can then log in with forms authentication while clients log in with basic authentication over the same transport.
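
The two tables and the two distinctness rules can be checked mechanically before a deployment plan is applied. The following Python sketch is an added example, not IBM code; the short labels such as `ssl-session-id` and `eai` are names chosen here for illustration and are not WebSEAL configuration values.

```python
from itertools import product

# Validity matrices copied from the two tables above (role -> allowed values).
# The labels are illustrative names, not WebSEAL configuration keys.
SESSION_TYPES = {
    "mpa": {"ssl-session-id", "http-header", "ip-address", "session-cookie"},
    "client": {"http-header", "session-cookie"},
}
AUTH_METHODS = {
    "mpa": {"basic", "forms", "certificate", "eai"},
    "client": {"basic", "forms"},
}

def check_pair(kind, table, mpa_value, client_value):
    """Return the rule violations for one MPA/client pairing."""
    problems = []
    if mpa_value not in table["mpa"]:
        problems.append(f"{kind}: {mpa_value!r} is not valid for MPA-to-WebSEAL")
    if client_value not in table["client"]:
        problems.append(f"{kind}: {client_value!r} is not valid for client-to-WebSEAL")
    if mpa_value == client_value:
        problems.append(f"{kind}: MPA and client must not both use {mpa_value!r}")
    return problems

def check_plan(mpa_session, client_session, mpa_auth, client_auth):
    """Check a whole plan: session data types first, then authentication."""
    return (check_pair("session type", SESSION_TYPES, mpa_session, client_session)
            + check_pair("authentication", AUTH_METHODS, mpa_auth, client_auth))

def valid_pairs(table):
    """Enumerate every (MPA, client) pairing that satisfies both rules."""
    return sorted((m, c) for m, c in product(table["mpa"], table["client"])
                  if m != c)

if __name__ == "__main__":
    # Constructed plan: the client reuses the MPA's choices, which is rejected.
    for problem in check_plan("ssl-session-id", "ssl-session-id", "forms", "forms"):
        print("REJECT", problem)
    print("valid session pairings:", valid_pairs(SESSION_TYPES))
    print("valid authentication pairings:", valid_pairs(AUTH_METHODS))
```
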