We have a need to integrate a server with our WebSphere environment that does not support LTPA. I found the blog post here and corresponding code to decode the information in an LTPA token. However, there's no code explaining the digital signature and how that's generated/validated. Does anyone have any information on how to generate an LTPA token in custom code?

A: 

You would need to specify how and what you want to integrate?

LTPA is a mechanism used by WebSphere and other IBM products (e.g. Lotus products) as a means of authentication (typically for Single Sign-On, SSO).

If a WebSphere App Server (as an example) authenticates a user and the request, say, goes to a Lotus product (which is part of the same domain), the Lotus product identifies the user via the LTPA token which was generated by WAS.

The same applies to multiple WebSphere products too.

There are no public APIs for LTPA for users to work with and it is meant to be used by various IBM products.

HTH Manglu

Manglu
I'm aware that there are no public APIs available for LTPA. That is why I referenced the blog post that shows how to validate an LTPA token. I'm able to reverse that and create all of the necessary elements except for the digital signature. I need some more information on this last piece in order to complete the integration code. The server I wish to integrate is custom code, so there are no integration libraries available for it. We are writing it ourselves.
Shadowman
Hi, I wanted to emphasise the fact that this is not a public API. If you are using it from the blog, you are taking a risk. If IBM expected you to use the LTPA token then they would publish ways and means to do that. Sorry, I am not able to assist you here. Thanks, Manglu
Manglu
A: 

Just because you use WebSphere and WebSphere uses LTPA for some forms of SSO, doesn't mean that you need to use LTPA on your non-WebSphere server. There are many standard ways to accomplish Single Sign-On with WebSphere and other products. Can you provide more information about how this server is used in your environment? Does it host web applications? Web services? J2EE RMI/EJBs? Does this other server need to communicate with end users directly? Does it just need to communicate with a WebSphere server acting as a client?

Gary