Request process for authenticated users

Request process for authenticated users

The following conditions describe the request process for authenticated users:
A user makes a request for a resource protected by WebSEAL. The protection on the resource requires the user be authenticated. WebSEAL prompts the user to log in.
Successful authentication can occur only if the user is a member of the ISAM user registry.
A WebSEAL session and key is created for the user.
A credential for this user is built from information contained in the registry about this user (such as group memberships).
The session key and credential, plus other data, are stored as an entry in the WebSEAL session cache.
As WebSEAL processes this request (and future requests during this session), it keeps the credential information available.
Whenever an authorization check is required, the ISAM authorization service uses the credential information during the decision-making process.
When the user logs off, the cache entry for that user is removed and the session is terminated.

Parent topic: Authenticated and unauthenticated access to resources