
114 Enterprise Business Portals with IBM Tivoli Access Manager
Because WebSEAL maintains an SSL session state for the MPA, it cannot use
SSL session IDs for each client simultaneously. WebSEAL instead authenticates
the clients using HTTP authentication techniques over SSL.
If the user is authenticated at the EWG, for example, to a RADIUS Server, then
WebSEAL can be configured to receive an "authenticated ID" from the gateway
and not re-authenticate the user.
Today, WebSEAL support for the Entrust Proxy and the Nokia WAP gateway
exists.
5.5 WebSEAL delegation mechanisms
After a user has been authenticated by WebSEAL and an authorization decision ...