iChain looks for Wireless Application Protocol (WAP) device information in the HTTP headers. When it sees WAP information, it uses the .wml templates (or smaller HTML templates if the device is expecting HTML) instead of the full-sized HTML templates. These can be found in the directory with all of the other login page templates. If there are issues, the templates can be altered so that they work with the WAP device.
There are inconsistencies with how different devices support .wml tags. During the SSL handshake, the WAP devices (phones or PDAs) need to be able to validate the server certificate being returned from iChain. This implies that the WAP devices need the trusted roots of the iChain server certificates built into them. With a browser, it is easy to import these trusted root certificates but with WAP phones, it is not an option. If the WAP device you are using does not have a built-in trusted root certificate for the iChain server certificate, it fails. Verisign* and Thawte* trusted root certificates are built in to almost all devices and these work fine; Novell trusted root certificates are not and therefore WAP devices fail if the auto-certificates are enabled for the iChain accelerator. One workaround to this problem is to authenticate over HTTP using the Prompt Username/Password over HTTP option. However, if you do this, the authentication data is posted (POST) in clear text over the WAP network, which is a security concern. For more information, see the Novell Technical Information Document.