Default settings for preserve and refresh
The default settings in the WebSEAL configuration file are:
[credential-refresh-attributes]
authentication_level = preserve
tagvalue_* = preserve
These settings result in the following behavior:
- The user authentication level is preserved when credentials are refreshed. During a user session, the user authentication level can change when authentication strength policy (step-up authentication) is applied. In most cases, we want to preserve the modified authentication level during a credential refresh.
If we do not want to preserve the authentication level, change the configuration file entry to:
authentication_level = refresh
- The tagvalue_* entry preserves all credential attributes whose names begin with the characters tagvalue_.
Attributes with the prefix tagvalue_ are typically supplied by external authentication C API services that want to add user information to the credential. The prefix is needed to ensure that these attributes are included when WebSEAL inserts credential data into an HTTP header to send across a junction.
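The following added example (not IBM code and not WebSEAL's implementation) models how the preserve and refresh entries decide which values survive a credential refresh. It assumes that the first matching entry wins and that attributes matching no entry are refreshed; the attribute values and the function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

STANZA = "[credential-refresh-attributes]"
DEFAULTS = STANZA + "\nauthentication_level = preserve\ntagvalue_* = preserve\n"

def parse_rules(text):
    """Return the stanza's entries as ordered (pattern, action) pairs."""
    rules, inside = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            inside = (line == STANZA)
            continue
        if inside:
            pattern, _, action = (part.strip() for part in line.partition("="))
            if action not in ("preserve", "refresh"):
                raise ValueError(f"unexpected entry: {line!r}")
            rules.append((pattern, action))
    return rules

def refresh_credential(old, fresh, rules):
    """Model of a refresh: start from the newly built credential, then carry
    over the old value of every attribute whose first matching entry says
    'preserve'. Assumption: unmatched attributes are refreshed."""
    result = dict(fresh)
    for name, value in old.items():
        action = next((a for p, a in rules if fnmatchcase(name, p)), "refresh")
        if action == "preserve":
            result[name] = value
    return result

# Constructed sample: the session was stepped up to level 2 and an external
# authentication service added tagvalue_department; the registry rebuild
# yields level 1 and a changed group list.
OLD = {"authentication_level": "2", "tagvalue_department": "finance",
       "groups": "staff"}
FRESH = {"authentication_level": "1", "groups": "staff,auditors"}

def demo():
    """Return the refreshed credential under the default stanza and under
    authentication_level = refresh."""
    changed = DEFAULTS.replace("authentication_level = preserve",
                               "authentication_level = refresh")
    return (refresh_credential(OLD, FRESH, parse_rules(DEFAULTS)),
            refresh_credential(OLD, FRESH, parse_rules(changed)))
```

With the default stanza the stepped-up level 2 and the tagvalue_ attribute survive while the group list is updated; with authentication_level = refresh the level falls back to the rebuilt value of 1.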