Request process for authenticated users
The following conditions describe the request process for authenticated users:
- A user makes a request for a resource protected by WebSEAL. The protection on the resource requires the user be authenticated. WebSEAL prompts the user to log in.
- Successful authentication can occur only if the user is a member of the ISAM user registry.
- A WebSEAL session and key is created for the user.
- A credential for this user is built from information contained in the registry about this user (such as group memberships).
- The session key and credential, plus other data, are stored as an entry in the WebSEAL session cache.
- As WebSEAL processes this request (and future requests during this session), it keeps the credential information available.
- Whenever an authorization check is required, the ISAM authorization service uses the credential information during the decision-making process.
- When the user logs off, the cache entry for that user is removed and the session is terminated.
Parent topic: Authenticated and unauthenticated access to resources