

Enabling or disabling single sign-on interoperability mode for the LTPA token

We can set an interoperability flag on the token generator to determine whether an LTPA v1 token or an LTPA v2 token is retrieved when a request message is received.

In WAS v7.0 and later, a flag in the global security settings enables single sign-on interoperability mode for the LTPA token. This option determines whether an LTPA v1 token or an LTPA v2 token is sent when a message request is received. When the interoperability flag is set to true, the AuthenticationToken is an LTPA v1 token and the SingleSignonToken is an LTPA v2 token. When the interoperability flag is set to false, both the AuthenticationToken and the SingleSignonToken are LTPA v2 tokens.

When the interoperability mode is enabled (the flag is set to true), and the Web Services Security binding configuration specifies LTPA v1 as the token, the AuthenticationToken is used to retrieve the token that is sent with the message. If interoperability mode is not enabled (the flag is set to false), and the Web Services Security binding configuration specifies LTPA v1 as the token, an exception error is logged.

We can disable the interoperability checking function by setting the custom property, com.ibm.wsspi.wssecurity.tokenGenerator.ltpav1.pre.v7, on the token generator. This setting determines the LTPA token without checking the state of the interoperability flag, providing compatibility with servers running WAS v6.1 and earlier.

To enforce use of the LTPA Version 2 token, edit the token settings, and set the Enforce token version option for the token.


Procedure

  1. Click Applications > Application Types > WebSphere enterprise applications.

  2. Select an application that contains web services. The application must contain a service provider or a service client.

  3. Click the Service provider policy sets and bindings link or the Service client policy sets and bindings link in the Web Services Properties section.

  4. Select a binding. We must have previously attached a policy set and assigned an application-specific binding.

  5. Click the WS-Security policy in the Policies table.

  6. Click the Authentication and protection link in the Main message security policy bindings section.

  7. Click a consumer or generator token link from the Protection Tokens table.

  8. Select the Enforce token version check box after the Token type field.


Configure token generators using JAX-RPC to protect message authenticity at the server or cell level


Related


Authentication generator or consumer token settings
