Generate an LTPA token?

We have a need to integrate a server with our WebSphere environment that does not support LTPA. I found Working with Lightweight Third Party Authentication (LTPA) by Cosmin Stejerean and corresponding code to decode the information in an LTPA token. However, there's no code explaining the digital开发者_C百科 signature and how that's generated/validated. Does anyone have any information on how to generate an LTPA token in custom code?

You would need to specify how and what you want to integrate?

LTPA is a mechanism used by WebSphere and other IBM products (e.g lotus products) as a means of authentication (typically for a Single Sign on SSO)

If a WebSphere App Server (as an example) authenticates a user and the request say goes to a lotus product (which is part of the same domain), the lotus product identifies the user via the LTPA token which was generated by WAS.

The same applies to multiple WebSphere products too.

There are no public APIs for LTPA for users to work with and it is meant to be used by various IBM products.

HTH Manglu

I agree with Gary that you could choose a different token to work with WebSphere. You don't HAVE to use LTPA.

But that being said....I have a Question and Answer I figured out on my own to communicate with security using IBM tooling. The perspective is web services (specifically JAX-WS) but I'm sure some of the principles carry over. With that post, I mostly relied on the following developerworks article.

Also...not sure if you can consider this, but there are products that do token translation for you. The place I works is an IBM shop and tends to bleed blue pretty heavy, so I only know of the IBM stack (which may help you with WebSphere), but I'm sure there are other products and/or free/open source projects you can use. An example with IBM tooling is the IBM WebSphere DataPower appliance. I believe some of the IBM Tivoli products can help in that area as well.

Also...from my experience with LTPA. IBM does not let you generate the tokens if you are not running in the container (ie, a WebSphere box). So testing gets a bit tricky.

I've given you a couple of leads to go on. Hopefully one of those helps.

I have not found documentation about generating LTPA tokens. Maybe you can figure out what you need from this code, https://github.com/Unicon/ltpa-bridge, which generates LTPA tokens.

You could use IBM API Connect configured with DataPower Gateway to generate Ltpa tokens, given the userid.

https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.toolkit.doc/rapim_ref_ootb_policyltpagen.html