Customizing SSO configuration using LTPA cookies for the Liberty profile
With single sign-on (SSO) configuration support, web users can authenticate once when accessing Liberty profile resources such as HTML, JavaServer Pages (JSP) files, and servlets, or accessing resources in multiple Liberty profile servers that share the same Lightweight Third Party Authentication (LTPA) keys.
Example
When a user passes authentication on one of the Liberty profile servers, authentication information generated by the server is transported to the browser in a cookie. The cookie is used to propagate the authentication information to other Liberty profile servers.
LTPA is configured and ready for immediate use. The default name of the cookie used to store the SSO token is ltpaToken2. To use a different name for the cookie, we can customize it using the ssoCookieName attribute of the webAppSecurity element. If we customize the cookie name, verify that all the servers that participate in SSO use the same cookie name.
See SSO concept in the Liberty profile.
The following example code logs the user out after the HTTP session expires and sets the name of the SSO cookie to myCookieName.
<webAppSecurity logoutOnHttpSessionExpire="true" ssoCookieName="myCookieName" />
For SSO to work across servers, the Liberty profile servers must have the same LTPA keys and share the same user registry.
For details of all the available SSO settings, see the webAppSecurity element in Liberty profile: Configuration elements in server.xml.
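One way to check that every server participating in SSO uses the same cookie name, as an added example that is not part of the original documentation or of the product. The server names and server.xml contents are constructed samples, and the helper function names are hypothetical.

```python
import xml.etree.ElementTree as ET

DEFAULT_COOKIE = "ltpaToken2"  # default SSO cookie name stated on this page

# Constructed sample server.xml contents; server names are hypothetical.
SAMPLE_CONFIGS = {
    "serverA": '<server><webAppSecurity logoutOnHttpSessionExpire="true" '
               'ssoCookieName="myCookieName" /></server>',
    "serverB": '<server><webAppSecurity ssoCookieName="myCookieName" /></server>',
    # No ssoCookieName attribute, so this server falls back to the default.
    "serverC": '<server><webAppSecurity logoutOnHttpSessionExpire="true" /></server>',
}


def sso_cookie_name(server_xml):
    """Return the SSO cookie name one server.xml document configures."""
    root = ET.fromstring(server_xml)
    for element in root.iter("webAppSecurity"):
        name = element.get("ssoCookieName")
        if name:
            return name
    return DEFAULT_COOKIE


def group_by_cookie_name(configs):
    """Map each cookie name to the sorted list of servers that use it."""
    groups = {}
    for server, xml_text in configs.items():
        groups.setdefault(sso_cookie_name(xml_text), []).append(server)
    return {name: sorted(servers) for name, servers in groups.items()}


def cookie_names_consistent(configs):
    """True when every participating server uses the same SSO cookie name."""
    return len(group_by_cookie_name(configs)) <= 1


if __name__ == "__main__":
    for name, servers in group_by_cookie_name(SAMPLE_CONFIGS).items():
        print(f"{name}: {', '.join(servers)}")
    if not cookie_names_consistent(SAMPLE_CONFIGS):
        print("MISMATCH: SSO cookies will not be recognized across all servers")
```

The check reads only the literal attribute in each file; configuration pulled in through include files or variables is not resolved.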