Configure web security related properties for the Liberty profile

We can configure web security related properties for the Liberty profile, such as SSO and client certificate authentication.

We can use the webAppSecurity element to configure web container application security for the Liberty profile. Make sure we add the appSecurity-2.0, servlet-3.0 and other required Liberty features to server.xml of the Liberty profile.

For available attributes in the webAppSecurity element , see Configuration elements in server.xml.

Subtopics

• Customize SSO configuration using LTPA cookies
  With single sign-on (SSO) configuration support, web users can authenticate once when accessing Liberty profile resources such as HTML, JavaServer Pages (JSP) files, and servlets, or accessing resources in multiple Liberty profile servers that share the same Lightweight Third Party Authentication (LTPA) keys.

• Configure the web application and server for client certificate authentication
  We can configure the web application on the Liberty profile using SSL client authentication.

• Configure the Liberty profile server to track logged out LTPA tokens
  We can configure a Liberty profile server to track logged out Lightweight Third Party Authentication (LTPA) tokens.

Parent topic: Secure the Liberty profile and its applications