Generate an LTPA token?

security websphere single-sign-on ltpa
Shadowman picture Shadowman · May 21, 2010 · Viewed 13.8k times · Source

We have a need to integrate a server with our WebSphere environment that does not support LTPA. I found Working with Lightweight Third Party Authentication (LTPA) by Cosmin Stejerean and corresponding code to decode the information in an LTPA token. However, there's no code explaining the digital signature and how that's generated/validated. Does anyone have any information on how to generate an LTPA token in custom code?

Answer

Manglu picture Manglu · May 25, 2010

You would need to specify how and what you want to integrate?

LTPA is a mechanism used by WebSphere and other IBM products (e.g lotus products) as a means of authentication (typically for a Single Sign on SSO)

If a WebSphere App Server (as an example) authenticates a user and the request say goes to a lotus product (which is part of the same domain), the lotus product identifies the user via the LTPA token which was generated by WAS.

The same applies to multiple WebSphere products too.

There are no public APIs for LTPA for users to work with and it is meant to be used by various IBM products.

HTH Manglu

Related questions

WebSphere 7, configuring JMS Q connection factory without user id: MQRC_NOT_AUTHORIZED

I have an instance of WebSphere 6 and an instance of WebSphere 7. Each has a WebSphere MQ messaging provider, a queue connection factory and a queue configured in a similar way. All user ID fields are left empty and Authentication aliases …

Read More
How to access authentication alias from EJB deployed to Websphere 6.1

I need to provide password for keystore in my EJB but I don't want it to be visible to developers. My idea was to create Authentication Alias in Websphere Console and later lookup for MY_ALIAS and obtain password from …

Read More
How can I prevent SQL injection in PHP?

If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')"); That's …

Read More