Authentication strength login form

When an authenticated client attempts to access a protected resource, and is required to reauthenticate to a higher authentication strength level, WebSEAL presents a special HTML form. The client uses the form to supply the information needed for the type of authentication required.

WebSEAL supplies a default login form. Administrators can either use the default login form or customize it to fit the local WebSEAL deployment.

The location of the default login form is specified in the WebSEAL configuration file:

[acnt-mgt]
stepup-login = stepuplogin.html

Complete the following steps:

Steps

1. Specify the name of the authentication strength login form.

   To use the default location for the form, verify the WebSEAL configuration file stanza entry, stepup-login, contains the default value, stepuplogin.html.

2. Optionally, customize the contents of the authentication strength login form.

   This file contains macros, in the form of %TEXT% sequences, which are replaced with the appropriate values. This substitution occurs within WebSEAL's template file processing functions and allows the form to be used for the supported authentication methods with correct formatting. It also allows other information, such as error message and authentication method name, to be supplied in the form for the user.

   For more information on using macros, see Macro resources for customizing response pages.

3. Restart the WebSEAL server.

The configuration of authentication strength levels is now complete.

Parent topic: Authentication strength policy (step-up)