iChain looks for Wireless Application Protocol (WAP) device information in the HTTP headers. When it sees WAP information, it uses the .wml templates (or smaller HTML templates if the device is expecting HTML) instead of the full-sized HTML templates. These can be found in the directory with all of the other login page templates. If there are issues, the templates can be altered so that they will work with the WAP device.
There are inconsistencies with how different devices support .wml tags. During the SSL handshake, the WAP devices (phones or PDAs) need to be able to validate the server certificate being returned from iChain. This implies that the WAP devices need the trusted roots of the iChain server certificates built into them. With a browser, it is easy to import these trusted root certificates but with WAP phones, it is not an option. If the WAP device you are using does not have an in-built trusted root certificate for the iChain server certificate, it will fail. Verisign and Thwate trusted root certificates are built in to almost all devices and these work fine; Novell trusted root certificaters are not and therefore WAP devices will fail if the auto-certificates are enabled for the iChain accelerator. One workaround to this problem is to authenticate over HTTP using the prompt username/password over HTTP option. The downside to this is that the authentication data is posted (POST) in clear text over the WAP network which causes security concerns. For more information, see the Novell Technical Information Document.