LTPA module
The LTPA module facilitates the validating and issuing of LTPA version 1 and version 2 tokens. The LTPA module is called STSLTPATokenModule.
An LTPA token is an encrypted string that contains user information and other metadata. Version 1 tokens contain fairly limited information, such as the user name and the token expiration time. Version 2 tokens are extensible in that they can contain user-defined attributes, where each attribute can contain a list of values.
These tokens are represented as BinarySecurityToken elements.
This module does not support the initial generation of LTPA keys. We must provide a set of LTPA keys that were generated by another source such as a WebSphere application server.
- Supported modes
- Validate
- Issue
- Configuration properties
- Validate mode
- LTPA file
- Select the LTPA file to use. Upload the LTPA file into /wga/ltpa_key first for it to display in the list.
- Password for key protection
- (Required) The password that was used to protect the keys created by the partner.
- Use the FIPS standard
- Select to enable the Federal Information Processing Standards (FIPS). If FIPS was enabled when we created the partner, select this check box. The default is unchecked.
- Issue mode
- LTPA file
- Select the LTPA file to use. Upload the LTPA file into /wga/ltpa_key first for it to display in the list.
- Password for key protection
- (Required) The password that was used to protect the keys created by the partner. It must be the same password that was used when the keys were created by the partner.
- Use the FIPS standard
- Select to enable the Federal Information Processing Standards (FIPS). If FIPS was enabled when we created the partner, select this check box. The default is unchecked.
- Number of minutes before the created token expires
- (Required) Indicates how long, from the time of token creation, the token remains valid. Specify the value in minutes. We can override this value by using the expiration Principal value in the Universal User. The default is 120 minutes.
- Realm used to create the user ID
- The realm name to append to the user ID during token creation. We can override this value by using the realm Principal value in the Universal User. If we do not specify a name here, the realm from the imported LTPA file is assumed.
- Version of LTPA token to issue
- The version number of the LTPA token we are issuing. Select 1 or 2 from the list, denoting LTPA Version 1 or Version 2.
- Attributes to add to a version 2 token
- The types of attributes to include in the assertion. Use this field only for LTPA Version 2 tokens. An asterisk (*) indicates that all of the attribute types specified in the identity mapping file are included in the assertion. To specify one type individually, type the attribute type in the text box. For example, if we want to include only attributes of type urn:oasis:names:tc:SAML:2.0:assertion in the assertion, type that string in the text box.
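The following Python snippet is an added illustration, not code from the product, of how the issue-mode settings above are resolved: Principal values in the Universal User override the configured expiration and realm, an unset realm falls back to the LTPA file, and the attribute-type filter only applies to version 2 tokens. The STSUU namespace, element names and the sample document are assumptions constructed for the example.

```python
# Added example (not from the product documentation): models how the issue-mode
# settings above combine with overrides carried in the STS Universal User (STSUU).
# The STSUU namespace and element names are assumptions, not taken from this page.
import xml.etree.ElementTree as ET

NS = {"s": "urn:ibm:names:ITFIM:1.0:stsuuser"}

# Constructed STSUU: the Principal overrides realm and expiration, the
# AttributeList carries two attribute types, one of them multi-valued.
SAMPLE_STSUU = """<s:STSUniversalUser xmlns:s="urn:ibm:names:ITFIM:1.0:stsuuser">
  <s:Principal>
    <s:Attribute name="name"><s:Value>jdoe</s:Value></s:Attribute>
    <s:Attribute name="realm"><s:Value>example.com</s:Value></s:Attribute>
    <s:Attribute name="expiration"><s:Value>30</s:Value></s:Attribute>
  </s:Principal>
  <s:AttributeList>
    <s:Attribute name="email" type="urn:oasis:names:tc:SAML:2.0:assertion">
      <s:Value>jdoe@example.com</s:Value></s:Attribute>
    <s:Attribute name="dept" type="urn:ibm:names:ITFIM:5.1:accessmanager">
      <s:Value>sales</s:Value><s:Value>emea</s:Value></s:Attribute>
  </s:AttributeList>
</s:STSUniversalUser>"""

def _principal_value(root, name):
    """First Value of the named Principal attribute, or None if absent."""
    el = root.find(f"s:Principal/s:Attribute[@name='{name}']/s:Value", NS)
    return el.text.strip() if el is not None and el.text else None

def effective_issue_params(stsuu_xml, cfg):
    """Resolve what the issue step would use. cfg mirrors the module settings:
    expiry_minutes (default 120), realm (None -> realm from the LTPA file),
    version (1 or 2) and attr_types (set of type URIs, or {"*"} for all)."""
    root = ET.fromstring(stsuu_xml)
    expiry = _principal_value(root, "expiration")  # Principal values win
    realm = _principal_value(root, "realm")
    result = {
        "user": _principal_value(root, "name"),
        "expiry_minutes": int(expiry) if expiry else cfg.get("expiry_minutes", 120),
        "realm": realm or cfg.get("realm") or "<realm from LTPA file>",
        "attributes": {},
    }
    if cfg.get("version", 2) == 2:  # attribute inclusion applies only to version 2
        wanted = cfg.get("attr_types", {"*"})
        for attr in root.findall("s:AttributeList/s:Attribute", NS):
            if "*" in wanted or attr.get("type") in wanted:
                result["attributes"][attr.get("name")] = [
                    v.text for v in attr.findall("s:Value", NS)]
    return result
```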