auth-challenge-type
Use the auth-challenge-type stanza entry to specify a comma-separated list of authentication types that WebSEAL can use to challenge a client for authentication information.
auth-challenge-type = listDescription
Each authentication type can be customized for particular user agent strings. For information about authentication challenges based on the user agent, see the IBM Security Verify Access: Web Reverse Proxy Configuration Guide.
You can customize this configuration item for a particular junction by adding the adjusted configuration item to a [server:{jct_id}] stanza.
where {jct-id} refers to the junction point for a standard junction (including the leading / character) or the virtual host label for a virtual host junction.
Options
list A comma-separated list of authentication types used when challenging a client for authentication information. The supported authentication types include: The corresponding authentication configuration entry (for example, ba-auth) must be enabled for each specified authentication challenge type.
- ba
- cert
- eai
- forms
- oidc
- spnego
Each authentication type can also be qualified with a set of rules to specify the user agents that receive a given challenge type. These rules are separated by semicolons and placed inside square brackets preceding the authentication type. Each rule consists of a plus (+) or minus (-) symbol to indicate inclusion or exclusion, and the pattern to match on. The pattern can include:
- Alphanumeric characters
- Spaces
- Periods (.)
- Wildcard characters, such as, question mark (?) and asterisk (*)
Usage:
This stanza entry is optional.
Default value
By default, the list of authentication challenge types matches the list of configured authentication mechanisms.
auth-challenge-type = ba auth-challenge-type = forms
Example:
auth-challenge-type = ba, forms auth-challenge-type = [-msie;+ms]ba, [+mozilla*;+*explorer*]forms