
Enable single sign-on interoperability mode for the LTPA token


We can set an interoperability flag on the token generator to determine whether an LTPA V1 token or an LTPA V2 token is retrieved when a request message is received.

In WAS V7.0, a flag is set in the global security settings to enable single sign-on interoperability mode for the LTPA token. This option determines whether an LTPA V1 token or an LTPA V2 token is sent when a message request is received. When the interoperability flag is set to true, the AuthenticationToken is an LTPA V1 token, and the SingleSignonToken is an LTPA V2 token. When the interoperability flag is set to false, both the AuthenticationToken and the SingleSignonToken are LTPA V2 tokens.

When the interoperability mode is enabled (the flag is set to true), and the Web Services security binding configuration specifies LTPA V1 as the token, the AuthenticationToken is used to retrieve the token that is sent with the message. If interoperability mode is not enabled (the flag is set to false), and the Web Services security binding configuration specifies LTPA V1 as the token, an exception error is logged.

We can disable the interoperability checking function by setting the custom property, com.ibm.wsspi.wssecurity.tokenGenerator.ltpav1.pre.v7, on the token generator. This setting determines the LTPA token without checking the state of the interoperability flag, providing compatibility with servers running WAS V6.1 and earlier.

To enforce use of the LTPA V2 token, edit the token settings, and set the Enforce token version option for the token.

 

  1. Click Applications > Application Types > WebSphere enterprise apps.

  2. Select an application that contains Web services. The application must contain a service provider or a service client.

  3. Click the Service provider policy sets and bindings link or the Service client policy sets and bindings link in the Web Services Properties section.

  4. Select a binding. You must have previously attached a policy set and assigned an application specific binding.

  5. Click the WS-Security policy in the Policies table.

  6. Click the Authentication and protection link in the Main message security policy bindings section.

  7. Click a consumer or generator token link from the Protection Tokens table.

  8. Select the Enforce token version check box after the Token type field.

 

Related tasks


Set token generators using JAX-RPC to protect message authenticity at the server or cell level

 

Related


Authentication generator or consumer token settings