The vouch-for request
The vouch-for request is triggered when a user requests a resource from a target server (configured for e-community) that contains no credential information for that user.
The server sends a redirect to the vouch-for server, either the MAS or a delegated vouch-for server identified in an e-community cookie.
The vouch-for request contains the following information:
https://vouch-for-server/pkmsvouchfor?ecommunity-name&target-URL
The receiving server checks the ecommunity-name to validate the e-community identity. The receiving server uses the target-URL in the vouch-for reply to redirect the browser back to the originally requested page.
The pkmsvouchfor vouch-for URL is configurable.
For example:
https://mas.dA.com/pkmsvouchfor?companyABC&https://ws5.dB.com/index.htmlThe pkmsvouchfor management page is a management command to the WebSEAL server. It is not represented in the object space and we cannot attach policies to it.
Parent topic: The vouch-for request and reply