LTPA token capabilities for authentication and authorization
For web services, you can complete authentication and authorization using an LTPA token.
LTPA token authentication and authorization are supported only in the following configuration:
Capability: In (provider)
- Authenticate: Configured with a security policy set and binding that defines that an LTPA token is present for authentication; see Authentication. The integration node provides only LTPA pass-through support, which means that the LTPA token is extracted and passed to an external Security Token Service (STS) for validation. The STS to be used is specified in a security profile. The STS processing can be used to implement authentication and authorization based on the LTPA principal and realm.
- Authorize: Configured with a security profile defining the Policy Decision Point (PDP); see the PDP section that follows.
PDP
- WS-Trust v1.3 STS: Configured by using a WS-Trust v1.3 STS security profile specifying authentication, authorization, or both; see Creating a security profile for WS-Trust V1.3 (TFIM V6.2).