WebSEAL authentication

Authentication is the method of identifying an individual process or entity that is attempting to log in to a secure domain. WebSEAL can enforce a high degree of security in a secure domain by requiring each user to provide proof of its identity.

The following conditions apply to the WebSEAL authentication process:

• WebSEAL supports several authentication methods by default and can be customized to use other methods.
• When both server and client require authentication, the exchange is known as mutual authentication.
• The WebSEAL server process is independent of the authentication method.
• The result of successful authentication to WebSEAL is a Security Access Manager user identity.
• WebSEAL uses this identity to build a credential for that user.
• The authorization service uses this credential to permit or deny access to protected objects after it evaluates the ACL permissions and POP conditions that govern the policy for each requested resource.

This flexible approach to authentication allows security policy to be based on business requirements and not physical network topology.

For a complete overview of WebSEAL authentication concepts, see Authentication overview.