+

Search Tips   |   Advanced Search

LTPA authenticator

Description and syntax for the LTPA authenticator.


Description

Use the Lightweight Third-Party Authentication authenticator to integrate with the WebSphere Application Server LTPA mechanisms.

This authenticator is supported only on WebSphere Application Server. To avoid unnecessary errors on other application servers, the authenticator is commented out in the default authenticationConfig.xml file created with an empty MobileFirst project. To use it, remove the comments first.

This authenticator can be used with the WASLTPAModule login module.


Class Name


Parameters

The adapter authenticator class has the following parameters:

Parameter Description
login-page Mandatory. The login page URL relative to the web application context.
error-page Optional. The error page URL relative to the web application context. If this parameter is not set, the URL from the login-page is also used for the error-page.
cookie-domain Optional. A String such as example.com, which specifies the domain in which the LTPA SSO cookie applies. If this parameter is not set, no domain attribute is set on the cookie. The single sign-on is then restricted to the application server host name and does not work with other hosts in the same domain.

This parameter is deprecated. Define this parameter in the <loginModule> entry for the WebSphereLoginModule instead. If the parameter is defined in both places, the value in the <loginModule> entry takes precedence.

httponly-cookie Optional. A String with a value of either true or false, which specifies whether the cookie has the HttpOnly attribute set. This attribute helps to prevent cross-site scripting attacks.

This parameter is deprecated. Define this parameter in the <loginModule> entry for the WebSphereLoginModule instead. If the parameter is defined in both places, the value in the <loginModule> entry takes precedence.

cookie-name Optional. A String that specifies the name of the LTPA SSO cookie. If this parameter is not set, the default cookie name is LtpaToken.

This parameter is deprecated. Define this parameter in the <loginModule> entry for the WebSphereLoginModule instead. If the parameter is defined in both places, the value in the <loginModule> entry takes precedence.


Example

<realm name="WASLTPARealm" loginModule="WASLTPAModule">
  <className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
  <parameter name="login-page" value="/login.html"/>
  <parameter name="error-page" value="/loginError.html"/>
</realm>


Parent topic: Configure authenticators and realms