Client identity in HTTP BA headers

We can configure WebSEAL junctions to supply the back-end server with original or modified client identity information. Understand the options available to specify the required information in the HTTP basic authentication headers.

Use the -b options to supply specific client identity information in HTTP Basic Authentication (BA) headers.

As administrators, we must analyze the network architecture and security requirements, and answer the following questions:

  1. Is authentication information required by the back-end server?

    (WebSEAL uses the HTTP Basic Authentication header to convey authentication information.)

  2. If authentication information is required by the back-end server, where does this information come from?

    (What information does WebSEAL place in the HTTP header?)

  3. Does the connection between WebSEAL and the back-end server need to be secure?

    (TCP or SSL junction?)

After the initial authentication between the client and WebSEAL, WebSEAL can build a new Basic Authentication header. The request uses this new header as it continues across the junction to the back-end server. We use the -b options to dictate what specific authentication information is supplied in this new header.
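The following is an added example, not WebSEAL code or part of the original documentation. It builds an HTTP Basic Authentication header value in the RFC 7617 format and parses it the way a back-end server would, showing that the credentials are only Base64-encoded, which is what the TCP-or-SSL question above bears on. The function names and sample credentials are constructed for illustration.

```python
import base64
import binascii


def build_ba_header(user_id: str, password: str) -> str:
    """Build an Authorization header value in RFC 7617 format."""
    if ":" in user_id:
        # The first ':' separates user-id from password, so the
        # user-id itself must not contain one.
        raise ValueError("user-id must not contain ':'")
    token = base64.b64encode(f"{user_id}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_ba_header(value: str) -> tuple[str, str]:
    """Recover (user_id, password) as a back-end server would."""
    scheme, _, token = value.strip().partition(" ")
    token = token.strip()
    if scheme.lower() != "basic" or not token:  # scheme is case-insensitive
        raise ValueError("not a Basic Authentication header")
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    user_id, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user_id, password  # password may itself contain ':'


def redact_for_log(value: str) -> str:
    """Log-safe form: keeps the user-id, drops password and token."""
    user_id, _ = parse_ba_header(value)
    return f"Basic <redacted; user-id={user_id}>"


if __name__ == "__main__":
    # Constructed sample credentials (the RFC 7617 example pair).
    header = build_ba_header("Aladdin", "open sesame")
    print("Authorization:", header)
    # No key is needed to reverse the encoding: anyone who can read the
    # header on the junction recovers the password.
    print("decoded:", parse_ba_header(header))
    print("log line:", redact_for_log(header))
```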

Figure 1. Supplying authentication information to back-end application servers
