LTPA module

The LTPA module validates and issues LTPA version 1 and version 2 tokens.

The LTPA module is called STSLTPATokenModule.

An LTPA token is an encrypted string that contains user information and other metadata. Version 1 tokens contain fairly limited information, such as username and token expiration time. Version 2 tokens are extensible in that they can contain user-defined attributes, where each attribute can contain a list of values.

These tokens are represented as BinarySecurityToken elements.

This module does not support the initial generation of LTPA keys. You must provide a set of LTPA keys that were generated by another source such as a WebSphere® application server.

Supported modes
  • Validate
  • Issue

Configuration properties
Validate mode
LTPA file
Select the LTPA file to use.

You must upload the LTPA file into /wga/ltpa_key first for it to display in the list.

Password for key protection
(Required) The password that was used to protect the keys that are created by the partner.
Use the FIPS standard
Select to enable the Federal Information Processing Standards (FIPS). If FIPS was enabled when you created your partner, select this check box. The default is unchecked.
Issue mode
LTPA file
Select the LTPA file to use.

You must upload the LTPA file into /wga/ltpa_key first for it to display in the list.

Password for key protection
(Required) The password that was used to protect the keys that are created by the partner. It must be the same password that was used when the keys were created by the partner.
Use the FIPS standard
Select to enable the Federal Information Processing Standards (FIPS). If FIPS was enabled when you created your partner, select this check box. The default is unchecked.
Number of minutes before the created token expires
(Required) Indicates how long, from the time of token creation, the token remains valid. Specify the value in minutes. You can override this value by using the expiration Principal value in the Universal User. The default value is 120 minutes.
Realm used to create the user ID
The realm name to append to the user ID during token creation. You can override this value by using the realm Principal value in the Universal User. If you do not specify a realm here, the realm from the imported LTPA file is used.
Version of LTPA token to issue
The version number of the LTPA token you are issuing. Select 1 or 2 from the list, denoting LTPA Version 1 or Version 2.
Attributes to add to a version 2 token

Specify the type of attributes to include in the assertion. Use this field only for LTPA Version 2 tokens. An asterisk (*) indicates that all of the attribute types that are specified in the identity mapping file are included in the assertion.

To specify one specific type individually, type the attribute type in the text box. For example, if you want to include only attributes of type urn:oasis:names:tc:SAML:2.0:assertion in the assertion, type that string in the text box.
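The following is an added illustrative model, not the STSLTPATokenModule code, of the issue-mode decisions described above: the expiry default versus the Universal User override, the realm default versus the override, and the version 2 attribute-type filter with the asterisk wildcard. All class and field names, and the sample key file and user, are assumptions; the token encoding, encryption and key handling are out of scope.

```python
# Added illustrative model (not IBM's STSLTPATokenModule code) of the
# issue-mode decisions on this page. Names are assumptions; the token
# byte format, encryption and LTPA key handling are deliberately omitted.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class LtpaKeyFile:
    realm: str                      # realm carried by the imported LTPA key file

@dataclass
class IssueConfig:
    minutes_valid: int = 120        # "Number of minutes before the created token expires"
    realm: Optional[str] = None     # "Realm used to create the user ID"; None = from key file
    version: int = 2                # "Version of LTPA token to issue": 1 or 2
    attribute_types: str = "*"      # "Attributes to add to a version 2 token"; "*" = all

@dataclass
class UniversalUser:
    user_id: str
    expiration_minutes: Optional[int] = None   # Principal "expiration" override
    realm: Optional[str] = None                # Principal "realm" override
    # (attribute name, attribute type) -> list of values (v2 attributes are multi-valued)
    attributes: Dict[Tuple[str, str], List[str]] = field(default_factory=dict)

@dataclass
class LtpaToken:
    version: int
    user_id: str
    realm: str
    expires_at: int                 # epoch seconds
    attributes: Dict[str, List[str]]

def issue(cfg: IssueConfig, keys: LtpaKeyFile, uu: UniversalUser, now: int) -> LtpaToken:
    if cfg.version not in (1, 2):
        raise ValueError("LTPA version must be 1 or 2")
    minutes = cfg.minutes_valid if uu.expiration_minutes is None else uu.expiration_minutes
    realm = uu.realm or cfg.realm or keys.realm   # override > module setting > key file
    attrs: Dict[str, List[str]] = {}
    if cfg.version == 2:            # version 1 tokens carry no user-defined attributes
        for (name, atype), values in uu.attributes.items():
            if cfg.attribute_types == "*" or atype == cfg.attribute_types:
                attrs[name] = list(values)
    return LtpaToken(cfg.version, uu.user_id, realm, now + minutes * 60, attrs)

def is_expired(token: LtpaToken, now: int) -> bool:
    return now >= token.expires_at

SAML_TYPE = "urn:oasis:names:tc:SAML:2.0:assertion"
KEYS = LtpaKeyFile(realm="keyfileRealm")          # constructed sample key file
UU = UniversalUser("alice", attributes={          # constructed sample user
    ("groups", SAML_TYPE): ["admins", "staff"],
    ("session-id", "urn:example:internal"): ["abc123"],
})
```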