Information in a user request
During authentication, WebSEAL examines a user request for the following information:
- Session key
A session key is a piece of data stored with a client and sent with every request to WebSEAL made by that client. The session key is used by WebSEAL to identify a series of requests as coming from the same client. It allows WebSEAL to avoid the overhead of performing authentication for each request. The session key is a locator index to the associated session data stored in the WebSEAL server session cache. The session key is also known as the WebSEAL session ID.
- Authentication data
Authentication data is information found in the user request that identifies the user to the WebSEAL server. Examples of authentication data types include client-side certificates, passwords, and token codes.
When WebSEAL receives a user request, WebSEAL always looks for the session key first, followed by authentication data.
Parent topic: Authentication overview
Related concepts
- Definition and purpose of authentication
- Client identities and credentials
- Authentication process flow
- Authenticated and unauthenticated access to resources
Related reference