Authentication process flow

The following diagram illustrates the general process flow for WebSEAL authentication when an external authentication interface (EAI) is not being used:

1. The user presents authentication information to WebSEAL (for example, password, certificate, HTTP header) during a request for a resource in the protected object space.

2. WebSEAL invokes the configured authentication module for that type of authentication information.

3. The authentication module validates the authentication information and returns an identity to WebSEAL.

4. WebSEAL uses this identity to create a credential for that user, based on data stored for that user in the user registry. This credential is used during authorization decisions for requests made by this user.

The external authentication interface (EAI) supports external authentication.

Parent topic: Authentication overview

Related concepts

• Definition and purpose of authentication
• Client identities and credentials
• Authenticated and unauthenticated access to resources

Related reference

• Information in a user request
• Supported authentication methods
• Authentication challenge based on user agent