Topic
  • 4 replies
  • Latest Post - ‏2013-12-16T08:35:17Z by Suraj001
Suraj001
Suraj001
3 Posts

Pinned topic How to configure LWAS for LTPA version 1 cookie

‏2013-12-13T13:59:11Z |

can someone help by providing the steps to configure in LWAS for LTPA version1 cookie.

I can see the following link explaining how to configure LTPA2 cookie:

http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.wlp.nd.doc%2Fae%2Ftwlp_sec_ltpa.html

But my requirement here is to configure LTPA 1 cookie.

Any help is appreciated.

  • kark
    kark
    26 Posts

    Re: How to configure LWAS for LTPA version 1 cookie

    ‏2013-12-13T14:28:50Z  

    Hi,

    LWAS only creates the LTPA version 2 cookie which is more secure and customizable.

    -- Ajay

  • Suraj001
    Suraj001
    3 Posts

    Re: How to configure LWAS for LTPA version 1 cookie

    ‏2013-12-16T05:31:58Z  
    • kark
    • ‏2013-12-13T14:28:50Z

    Hi,

    LWAS only creates the LTPA version 2 cookie which is more secure and customizable.

    -- Ajay

    If we want to create LTPA version 1 cookie by ourselves instead of LWAS , what needs to be done. Can you please help on that. Thanks

  • kark
    kark
    26 Posts

    Re: How to configure LWAS for LTPA version 1 cookie

    ‏2013-12-16T05:57:45Z  
    • Suraj001
    • ‏2013-12-16T05:31:58Z

    If we want to create LTPA version 1 cookie by ourselves instead of LWAS , what needs to be done. Can you please help on that. Thanks

    The token is generated by the LWAS code during authentication and there is no public way to create another version. Can you explain why you would need to create the older (and less secure) version of the cookies? All the supported full WAS versions can handle both cookies so the LWAS cookies should be interoperable with the full WAS versions once they keys are exchanged.

    --Ajay

  • Suraj001
    Suraj001
    3 Posts

    Re: How to configure LWAS for LTPA version 1 cookie

    ‏2013-12-16T08:35:17Z  
    • kark
    • ‏2013-12-16T05:57:45Z

    The token is generated by the LWAS code during authentication and there is no public way to create another version. Can you explain why you would need to create the older (and less secure) version of the cookies? All the supported full WAS versions can handle both cookies so the LWAS cookies should be interoperable with the full WAS versions once they keys are exchanged.

    --Ajay

    Our product Information Server is supporting REST Client, which supports both LTPA 1 and LTPA 2 cookies.To test that we need rest service configured with LTPA1 cookie.Our services are deployed on LWAS so wanted to know if we can create LTPA version 1 cookie in LWAS.