How to generate the credential
WebSEAL can build a credential directly from PAC header data. The authorization API builds the credential for user identity header data.
Other authentication data can be supplied by the WebSEAL system itself when building a credential from user identity authentication data. WebSEAL has additional information about the client system that is required to construct the credential. This information is supplied when authentication data from the external authentication interface is used to generate a credential.
Some of these values can be overridden by the eaiauthn module using extended attributes to the header data.
| Field | Source |
Can external authentication interface override value? |
|---|---|---|
| Client IP Address | Derived from the initial client request. | yes |
| Browser Information | Derived from the initial client request. | yes |
| Registry Type | Determined from the current WebSEAL configuration. | no |
| Domain | Determined from the current WebSEAL configuration. | no |