Security attribute propagation for Horizontal Propagation

9.7.1 Security attribute propagation for Horizontal Propagation

Complete the following steps to configure WebSphere Application Server for Horizontal Propagation.

Launch the Administrative Console and login.

Select Security Ć Global Security. Select Authentication Mechanisms then LTPA. Under additional Properties, select Single Signon (SSO).

(Optional) Earlier versions of WebSphere Application Server, prior to V5.1.1, did not support security attribute propagation. It used an LTPA token for Single Sign-On purposes. If we need to interoperate with such servers, select the Interoperability Mode option. WebSphere Application Servers that do not support security attribute propagation receive the Lightweight Third Party Authentication (LTPA) token and the propagation token, but ignore the security attribute information that it does not understand.

Check the option for Web inbound security attribute propagation. This option enables horizontal propagation.

Figure 9-5 Horizontal propagation
With the Web Inbound security Attribute propagation enabled, the security attributes of the originating server where the initial login occurred, will get propagated to the receiving server. These security attributes include any custom attributes or token that are set in the custom Login modules in the Login server.