Your junction may seem to ignore your ACL settings, and prompt you for authentication even though you've added unauthenticated to the access list. This can happen when you are trying to pass along basic auth. You must change the allow-unauth-ba-supply setting.


allow-unauth-ba-supply = {yes|no} 

This parameter determines access to -b supply junctions by 
unauthenticated users.
By default, unauthenticated users are required to login before accessing
any resource located on a junctioned server where that junction was created 
with the -b supply argument. 

yes: When allow-unauth-ba-supply is set to yes, unauthenticated users can
access -b supply junctions. The basic authentication header supplied by 
WebSEAL in the forwarded request contains the string unauthenticated for
the value of the header. 

no: When allow-unauth-ba-supply is set to no, unauthenticated users 
cannot access -b supply junctions. Users receive a login prompt.