LTPA module

The LTPA module (STSLTPATokenModule) validates and issues LTPA v1 and v2 tokens. An LTPA token is an encrypted string containing user information and other metadata. Version 1 tokens contain fairly limited information, such as username and token expiration time. Version 2 tokens are extensible in that they can contain user-defined attributes, where each attribute can contain a list of values. These tokens are represented as BinarySecurityToken elements. This module does not support the initial generation of LTPA keys. Provide a set of LTPA keys generated by another source such as a WebSphere application server.

Supported modes

Validate
Issue

Configuration properties

Validate mode

    LTPA file

    Select the LTPA file to use. Upload the LTPA file into /wga/ltpa_key first for it to display in the list.

    Password for key protection

    (Required) The password used to protect the keys created by the partner.

    Use the FIPS standard

    Select to enable the Federal Information Processing Standards (FIPS). If FIPS was enabled when you created your partner, select this check box. The default is unchecked.

Issue mode

    LTPA file

    Select the LTPA file to use. Upload the LTPA file into /wga/ltpa_key first for it to display in the list.

    Password for key protection

    (Required) The password used to protect the keys created by the partner. It must be the same password used when the keys were created by the partner.

    Use the FIPS standard

    Select to enable FIPS. If FIPS was enabled when you created your partner, select this check box. The default is unchecked.

    Number of minutes before the created token expires

    (Required) Indicates how long, from the time of token creation, the token remains valid. Specify the value in minutes. You can override this value by using the expiration Principal value in the Universal User. The default value is 120 minutes.

    Realm used to create the user ID

    The realm name to append to the user ID during token creation. You can override this value by using the realm Principal value in the Universal User. If you do not specify a name here, then the realm from the imported LTPA file is assumed.

    Version of LTPA token to issue

    The version number of the LTPA token you are issuing. Select 1 or 2 from the list, denoting LTPA Version 1 or Version 2.

    Attributes to add to a version 2 token

    Specify the type of attributes to include in the assertion. Use this field only for LTPA Version 2 tokens. An asterisk (*) indicates that all of the attribute types specified in the identity mapping file are included in the assertion. To specify one specific type individually, type the attribute type in the text box. For example, to include only attributes of type...

      urn:oasis:names:tc:SAML:2.0:assertion

    ...in the assertion, type that string in the text box.
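
The module relies on a key file generated elsewhere, and falls back to that file's realm when no realm is configured. The following check is an added example, not part of the original page and not IBM code: it inspects a key file before upload and reports the realm the module would assume. The property names are assumed from a WebSphere key export, and the sample file is constructed.

```python
import base64
import binascii
import re

# Property names assumed from a WebSphere LTPA key export; not stated on this page.
KEY_PROPS = ("com.ibm.websphere.ltpa.3DESKey",
             "com.ibm.websphere.ltpa.PrivateKey",
             "com.ibm.websphere.ltpa.PublicKey")
REALM_PROP = "com.ibm.websphere.ltpa.Realm"

def _unescape(s):
    # Drop the backslash in front of an escaped character (covers \= and \:).
    return re.sub(r"\\(.)", r"\1", s.strip())

def parse_properties(text):
    """Parse Java .properties text, splitting on the first unescaped '=' or ':'."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#!":
            continue  # blank line or comment
        i = 0
        while i < len(line) and line[i] not in "=:":
            i += 2 if line[i] == "\\" else 1
        props[_unescape(line[:i])] = _unescape(line[i + 1:])
    return props

def check_ltpa_keyfile(text):
    """Return (problems, realm) for a key file before it is uploaded."""
    props, problems = parse_properties(text), []
    for name in KEY_PROPS:
        value = props.get(name, "")
        try:
            if not value:
                problems.append(f"missing {name}")
            else:
                base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"{name} is not valid base64")
    return problems, props.get(REALM_PROP) or None

def _b64(label):
    # Constructed placeholder bytes, escaped the way a .properties writer escapes '='.
    return base64.b64encode(label).decode().replace("=", "\\=")

# Constructed sample file; no real key material.
SAMPLE = "\n".join([
    "#IBM WebSphere Application Server key file",
    "com.ibm.websphere.ltpa.3DESKey=" + _b64(b"constructed 3DES key"),
    "com.ibm.websphere.ltpa.PrivateKey=" + _b64(b"constructed private key"),
    "com.ibm.websphere.ltpa.PublicKey=" + _b64(b"constructed public key"),
    "com.ibm.websphere.ltpa.Realm=ldap.example.test\\:389",
])

if __name__ == "__main__":
    print(check_ltpa_keyfile(SAMPLE))
```

A file that fails this check, for example one truncated in transfer or edited so that the `\=` padding escapes are lost, is worth regenerating at the source before it is selected in the module configuration.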
