
LTPA and LTPA V2 tokens


WS-Security supports both LTPA (Version 1) and LTPA V2 tokens. The LTPA V2 token, which is more secure than V1, is supported in WAS V7.0.

The LTPA token is a specific type of binary security token. The WS-Security implementation for WAS V6 and later supports the V1 level of the LTPA token, while WAS V7 added support for V2 of LTPA.

Although the same LTPAToken assertion is used in the policy for both LTPA Version 1 and LTPA V2, the URI for the V2 token is different from the URI for V1. When LTPA Token v2.0 is selected as the token type for the default policy set bindings, the URI value is set to http://www.ibm.com/websphere/appserver/tokentype, and this value is not editable.

To allow interoperability between servers running different versions of WAS, WS-Security can successfully consume an LTPA V1 token when the policy is configured to expect an LTPA V2 token. Likewise, if an LTPA V1 token is expected, a V2 token can be consumed. A custom property can be configured to enforce a specific version of the LTPA token. If an LTPA V1 token is configured for the token generator, the single sign-on interoperability mode must be enabled in global security. For more information on the custom property or the single sign-on interoperability mode, see the topic Enabling single sign-on interoperability mode for the LTPA token.
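Because a consumer accepts either version unless enforcement is configured, captured SOAP messages are the place to see which version is actually in use. The following audit script is an added example, not IBM code: it resolves the ValueType of each wsse:BinarySecurityToken and reports tokens whose LTPA version differs from the one the policy names. Assumptions not stated on this page: ValueType is written as a prefixed QName, the V1 URI is the V2 URI followed by /5.0.2, and the local names are LTPA and LTPAv2; the sample messages are constructed.

```python
import io
import xml.etree.ElementTree as ET

WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
# V2 token-type URI as stated on this page.
LTPA_V2_URI = "http://www.ibm.com/websphere/appserver/tokentype"
# Assumptions, not stated on this page: the V1 URI and both local names.
LTPA_V1_URI = LTPA_V2_URI + "/5.0.2"
KNOWN = {(LTPA_V1_URI, "LTPA"): "V1", (LTPA_V2_URI, "LTPAv2"): "V2"}


def ltpa_versions(soap_xml):
    """Return 'V1', 'V2' or 'other' for each wsse:BinarySecurityToken."""
    found, scopes, pending = [], [], {}
    stream = io.BytesIO(soap_xml)
    for event, item in ET.iterparse(stream, events=("start-ns", "start", "end")):
        if event == "start-ns":      # declarations arrive before their element
            pending[item[0]] = item[1]
        elif event == "start":
            scopes.append(pending)
            pending = {}
            if item.tag == "{%s}BinarySecurityToken" % WSSE:
                # ValueType is a QName: resolve its prefix to a namespace URI.
                prefix, _, local = item.get("ValueType", "").rpartition(":")
                uri = next((s[prefix] for s in reversed(scopes) if prefix in s), None)
                found.append(KNOWN.get((uri, local), "other"))
        else:
            scopes.pop()
    return found


def version_mismatches(soap_xml, expected):
    """LTPA tokens whose version differs from the one the policy names."""
    return [v for v in ltpa_versions(soap_xml) if v in ("V1", "V2") and v != expected]


def sample_message(uri, local):
    """Constructed SOAP message; the token body is a placeholder."""
    return ('<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">'
            '<e:Header><wsse:Security xmlns:wsse="%s">'
            '<wsse:BinarySecurityToken xmlns:wsst="%s" ValueType="wsst:%s">'
            'Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>'
            '</wsse:Security></e:Header><e:Body/></e:Envelope>'
            % (WSSE, uri, local)).encode()


if __name__ == "__main__":
    for uri, local in KNOWN:
        msg = sample_message(uri, local)
        print(local, ltpa_versions(msg), version_mismatches(msg, "V2"))
```

A non-empty result from `version_mismatches` for traffic between servers that all run WAS V7 or later indicates that the interoperability fallback is being exercised and that version enforcement is worth reviewing.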



 

Related concepts


Binary security token
WS-Security provides message integrity, confidentiality, and authentication

 

Related information


Enable single sign-on interoperability mode for the LTPA token