Client identity in HTTP BA headers

You can configure WebSEAL junctions to supply the back-end server with original or modified client identity information. Understand the options available so that you can specify the required information in the HTTP basic authentication headers.

Use the -b options to supply specific client identity information in HTTP Basic Authentication (BA) headers.

As the administrator, you must analyze your network architecture and security requirements, and determine answers to the following questions:

  1. Is authentication information required by the back-end server?

    (WebSEAL uses the HTTP Basic Authentication header to convey authentication information.)

  2. If authentication information is required by the back-end server, where does this information come from?

    (What information does WebSEAL place in the HTTP header?)

  3. Does the connection between WebSEAL and the back-end server need to be secure?

    (TCP or SSL junction?)

After the initial authentication between the client and WebSEAL, WebSEAL can build a new Basic Authentication header. The request uses this new header as it continues across the junction to the back-end server. You use the -b options to dictate what specific authentication information is supplied in this new header.
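The following added example (not IBM code and not part of the original page) shows the standard HTTP Basic Authentication header format from RFC 7617, which is what a back-end server has to decode. It also shows why question 3 matters: the value is only Base64-encoded, so anything that can read an unencrypted TCP junction can recover it. The function names and the sample identity are assumptions made for illustration.

```python
import base64
import binascii


def build_ba_header(user, password):
    """Build an Authorization header value in RFC 7617 Basic format."""
    if ":" in user:
        # The first colon separates user from password, so the user
        # name itself cannot contain one.
        raise ValueError("user name must not contain ':'")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_ba_header(value):
    """Return (user, password), or None if the header is not usable.

    This is the decoding a back-end server performs on the header it
    receives across the junction. No key is involved, so the same
    function works for anyone who can observe the header in transit.
    """
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None                      # other scheme or empty credentials
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None                      # malformed Base64 or not UTF-8
    user, sep, password = decoded.partition(":")
    if not sep or not user:
        return None                      # no separator, or no identity to act on
    return user, password                # the password may itself contain ':'


if __name__ == "__main__":
    # Constructed sample identity, not taken from any real system.
    header = build_ba_header("alice", "example:pass")
    print("Authorization:", header)
    print("Decoded by the back end (or an observer):", parse_ba_header(header))
    for bad in ("Bearer abc", "Basic !!!", "Basic YWxpY2U="):
        print(repr(bad), "->", parse_ba_header(bad))
```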

Figure 1. Supplying authentication information to back-end application servers
