Enable unauthenticated access

We can control whether unauthenticated users are allowed access to unprotected resources on e-community SSO participating servers. When authenticated users are allowed this access, the participating server can serve the resource without requiring the user authenticate through the master authentication server. When this policy is configured, the participating server redirects to the master authentication server only when the client requests access to a protected resource.

This policy is set in the WebSEAL configuration file:

[e-community-sso]
ecsso-allow-unauth = {yes|no}

When ecsso-allow-unauth is set to "yes", unauthenticated access is enabled. The default setting is "yes".

When ecsso-allow-unauth is set to "no", unauthenticated access is disabled. In this case, clients must authenticate through the master authentication server when requesting access to a resource (protected or not protected) on an e-community SSO participating server. The default behavior changed for WebSEAL Version 5.1. In prior versions, unauthenticated access was disabled. To retain backwards compatible behavior with older versions of WebSEAL, set ecsso-allow-unauth = no.

Parent topic: Configuration of e-community single sign-on