Authentication challenge based on user agent
WebSEAL provides a mechanism that allows the authentication challenge type to be configured based on the user agent of a client requesting a protected resource. This mechanism allows for tight integration and fine-grained control over how different clients can authenticate to WebSEAL.
Each authentication type, as specified by the auth-challenge-type configuration entry, can be qualified with a set of rules. These rules define the user agent strings that are included or excluded for different authentication types.
For example:
    auth-challenge-type = [-msie*;+ms*]ba, [+mozilla*;+msie*]forms, eai
Based on the configuration example, WebSEAL:
- Does not return a basic authentication challenge to user agent strings beginning with msie, but does return a basic authentication challenge for agents beginning with ms.
- Returns a forms-based authentication challenge to user agents beginning with mozilla or msie.
- Returns an EAI authentication challenge to any user agent.
| User Agent String | Authentication Challenges |
|---|---|
| msie | forms, eai |
| ms_office_word | ba, eai |
| mozilla | forms, eai |
| chrome | eai |
Rule Syntax
Each authentication challenge type can be defined only once in the auth-challenge-type string. The rules must precede the authentication type and be enclosed in square brackets, with different patterns separated by semicolons. A plus (+) or minus (-) character indicates whether that challenge type is included or excluded for that user agent string, respectively.
The pattern can contain alphanumeric characters, spaces, periods, and wildcard characters, such as the question mark (?) and asterisk (*).
When WebSEAL evaluates these rules based on the user agent, the first rule with a pattern that matches the current string is applied. Any other rules that match the given authentication mechanism are ignored. WebSEAL performs these evaluations in the order in which the rules are defined.
An authentication type with no defined rule set will match any user agent string.
If you do not want the authentication type to match any user agent string, qualify the given authentication challenge type with a negative wildcard string, such as [-*]ba.
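
The first-match evaluation described in this section can be checked offline before a configuration is deployed. The following Python model is an added example, not WebSEAL or IBM code: the function names are hypothetical, patterns are compared to the user agent string exactly as given (the page does not specify case handling), and a type whose rules all fail to match is treated as not offered, as the chrome row of the table implies.

```python
import re
from fnmatch import fnmatchcase

# One entry: optional "[rule;rule...]" followed by the challenge type name.
ENTRY = re.compile(r"(?:\[([^\]]*)\])?\s*([A-Za-z0-9_-]+)")

def parse(value):
    """Parse an auth-challenge-type value into [(type, [(include, pattern)])]."""
    parsed, seen = [], set()
    for raw in value.split(","):
        m = ENTRY.fullmatch(raw.strip())
        if not m:
            raise ValueError(f"malformed entry: {raw!r}")
        rules_text, auth_type = m.groups()
        if auth_type in seen:               # each type may be defined only once
            raise ValueError(f"{auth_type} defined more than once")
        seen.add(auth_type)
        rules = []
        for rule in (rules_text or "").split(";"):
            rule = rule.strip()
            if not rule:
                continue
            if rule[0] not in "+-" or len(rule) < 2:
                raise ValueError(f"rule needs +/- and a pattern: {rule!r}")
            rules.append((rule[0] == "+", rule[1:]))
        parsed.append((auth_type, rules))
    return parsed

def challenges(value, user_agent):
    """Return the challenge types offered to user_agent, in configured order."""
    offered = []
    for auth_type, rules in parse(value):
        if not rules:                       # no rule set: matches any agent
            offered.append(auth_type)
            continue
        for include, pattern in rules:      # rules are tried in defined order
            if fnmatchcase(user_agent, pattern):
                if include:
                    offered.append(auth_type)
                break                       # first match wins, rest ignored
    return offered

# Constructed input: the page's example, with ";" between patterns.
EXAMPLE = "[-msie*;+ms*]ba, [+mozilla*;+msie*]forms, eai"

if __name__ == "__main__":
    for agent in ("msie", "ms_office_word", "mozilla", "chrome"):
        print(agent, challenges(EXAMPLE, agent))
```

Swapping the order of the two ba rules to [+ms*;-msie*] makes msie match +ms* first, so the exclusion never applies; the model makes that kind of ordering mistake visible.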