Enabling SSO Between Mobile Applications with LTPA
MarcelaAdanRochester 2700048UPS Visits (4618)
Lightweight Third-Party Authentication (LTPA) is a security token type that is used by IBM® WebSphere® Application Server and other IBM products. LTPA can be used to send the credentials of an authenticated user to back-end services. It can also be used as a single sign-on (SSO) token between the user and multiple servers.
Enabling LTPA token between IBM products is very useful; it enables the IBM products to communicate using the same token, with no need to authenticate more than once. After a user logs in, the server generates an LTPA token. The token is signed by a private key that is shared among all the servers that want to decode it. The token is usually in cookie form for HTTP services. By sending the token as a cookie, there is no need for subsequent user interaction.
As a consultant on Mobile technologies, I find that this type of security mechanism is an important feature of IBM Worklight, which enables the mobile application to integrate with several kinds of services by just adding the token in the service request.
After the user logs in by providing the user id and password, the Worklight Server authenticates the credentials and generates an LTPA token, which is an encrypted hash that contains authenticated user information. The token is signed by a private key that is shared among all the servers that need to decode it. The token is in cookie form for HTTP services. LTPA tokens have a configurable expiration time to reduce the possibility for session hijacking.
The figure shows the LTPA authentication sequence diagram:
The IBM Redbooks publication Extending IBM Business Process Manager to the Mobile Enterprise with IBM Worklight explains through use cases and usage scenarios, how to build and deliver business processes using IBM Business Process Manager and how to develop mobile applications that enable remote users to interact with the business processes while on-the-go, using the IBM Worklight platform.
In this book, LTPA token authentication is enabled in the integration between IBM Worklight and IBM BPM, where the same token is shared between the two products to demonstrate SSO between two apps that access processes in the organization's back-end systems. The Worklight adapter calling the IBM BPM REST API includes the cookie with the token in it, and secure integration is established. For details refer to the IBM Redbooks publication Extending IBM Business Process Manager to the Mobile Enterprise with IBM Worklight .
Hala Aziz is an IT Specialist in the Cairo Technology Development Center (CTDC) in IBM Egypt. She has ten years of experience in IBM Application and Integration Middleware Software such as IBM WebSphere® Application server, IBM WebSphere Portal, IBM Worklight, and IBM Endpoint Manager. She worked as a consultant on eGoverment and banking solutions for clients in Egypt, Dubai, Oman, and Switzerland. Hala has several technical professional certifications such as Certified Application Developer for IBM Web Content Manager and IBM Worklight and she has delivered IBM internal education and client enablement training workshops around the world. Hala is a co-author of the IBM Redbooks publication Extending IBM Business Process Manager to the Mobile Enterprise with IBM Worklight
Likes before 03/04/2016 - 1
Views before 03/04/2016 - 4327