Controlling the login response for unauthenticated users

Controlling the login response for unauthenticated users

We can control the login prompt response for an unauthenticated user who requests an object protected by a step-up authentication POP attribute.
By default, WebSEAL presents only the login prompt for the specific authentication level required by the POP. The show-all-auth-prompts stanza entry in the [step-up] stanza of the WebSEAL configuration file controls this response. The default value is "no":
[step-up] show-all-auth-prompts = no

In previous versions of WebSEAL, multiple login prompts—one for each enabled authentication method—were presented to the unauthenticated user on one login page. To support this previous behavior, set the value of the show-all-auth-prompts stanza entry to "yes":
[step-up] show-all-auth-prompts = yes
The show-all-auth-prompts function is triggered only by a POP on an object. If an unauthenticated user is asked to authenticate for reasons that do not involve a POP on an object, the functionality of show-all-auth-prompts is not used.
Parent topic: Authentication strength policy (step-up)