LTPA and LTPA Version 2 tokens
Web services security supports both LTPA (Version 1) and LTPA Version 2 (LTPA2) tokens. The LTPA2 token, which is more secure than Version 1, is supported by the JAX-WS runtime only.
The Lightweight Third Party Authentication (LTPA) token is a specific type of binary security token. The web services security implementation for WebSphere Application Server, Version 5 and later supports the LTPA Version 1 token. WebSphere Application Server Version 7 and later supports the LTPA Version 2 token using the JAX-WS runtime environment.
|LTPA Version token||Valuetype value|
|LTPA (Version 1)||
To allow for interoperability between servers that are running different versions of WebSphere Application Server, by default, the JAX-WS web services security runtime in Version 7.0 and later can successfully consume an LTPA Version 1 token when the binding is configured to expect an LTPA2 token. However, you can configure the binding for the JAX-WS runtime to accept only LTPA2 tokens. For more information, see the documentation about Authentication generator or consumer token settings.
If the web services security run time receives a token with an unrecognized valuetype value and the SOAP security header contains a mustUnderstand attribute value that is equal to '1', the web services security run time issues a SOAPFaultException error. If the mustUnderstand attribute value is equal to '0', the token is ignored.
'1' to a web services security run time in which the LTPA2 token is not supported, the run time does not recognize the LTPAv2 valuetype value. Thus, the receiving run time issues a SOAPFaultException error. The following table illustrates these different configurations and their potential error messages.
|Run time||LTPA Version 1 token status||MustUnderstand attribute value||SOAPFaultException error|
|JAX-WS (Version 6.1 Feature Pack for Web Services)||Not Configured||1||
|JAX-WS (Version 6.1 Feature Pack for Web Services)||Not Configured||0||None|
|JAX-WS (Version 6.1 Feature Pack for Web Services)||Configured||1||
|JAX-WS (Version 6.1 Feature Pack for Web Services)||Configured||0||
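The consumer-side rules described above (an unrecognized valuetype faults or is ignored depending on mustUnderstand, and an LTPA Version 1 token is accepted by default unless the binding allows only LTPA2) can be modelled as follows. This is an added example, not WebSphere code. The `consume` and `envelope` helpers, the plain `LTPA` and `LTPAv2` valuetype strings, the `reject` outcome, and the sample token bytes are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Simplified stand-ins for the real valuetype values (assumption).
LTPA_V1, LTPA_V2 = "LTPA", "LTPAv2"


def envelope(value_type, must_understand):
    """Build a constructed SOAP envelope carrying one binary security token."""
    return (
        f'<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}"><s:Header>'
        f'<wsse:Security s:mustUnderstand="{must_understand}">'
        f'<wsse:BinarySecurityToken ValueType="{value_type}">'
        "Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>"
        "</wsse:Security></s:Header><s:Body/></s:Envelope>"
    )


def consume(envelope_xml, supported=(LTPA_V1, LTPA_V2), ltpa2_only=False):
    """Model of the consumer decision: 'accept', 'ignore', 'fault' or 'reject'."""
    # Constructed input only; untrusted SOAP needs a hardened XML parser.
    root = ET.fromstring(envelope_xml)
    security = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security")
    token = None if security is None else security.find(
        f"{{{WSSE}}}BinarySecurityToken")
    if token is None:
        return "reject"  # assumption: a missing token is not accepted
    must_understand = security.get(f"{{{SOAP}}}mustUnderstand", "0") == "1"
    value_type = token.get("ValueType", "")
    if value_type not in supported:
        # Unrecognized valuetype: SOAPFaultException when mustUnderstand
        # is '1', otherwise the token is ignored.
        return "fault" if must_understand else "ignore"
    if value_type == LTPA_V1 and ltpa2_only:
        return "reject"  # binding configured to accept only LTPA2 tokens
    return "accept"      # includes the default Version 1 interoperability


if __name__ == "__main__":
    pre_v7 = (LTPA_V1,)  # a run time in which LTPA2 is not supported
    for mu in ("1", "0"):
        print("pre-v7, LTPAv2, mustUnderstand", mu, "->",
              consume(envelope(LTPA_V2, mu), supported=pre_v7))
    print("v7 default, LTPA ->", consume(envelope(LTPA_V1, "1")))
    print("v7 LTPA2 only, LTPA ->",
          consume(envelope(LTPA_V1, "1"), ltpa2_only=True))
```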
- Enable the single sign-on interoperability mode, which is available on the Single sign-on (SSO) panel within the administrative console. For more information on this option, see the documentation about single sign-on settings.
- Set the com.ibm.wsspi.wssecurity.tokenGenerator.ltpav1.pre.v7 custom property to true for the LTPA token generator.