6.6.18.0.3: Properties for configuring security using Lightweight Third Party Authentication (LTPA)

Key:
Property name in the Java-based administrative console: applies to the Java administrative console of Advanced Edition Version 4.0
Property name in the Web-based administrative console: applies to the Web administrative console of Advanced Single Server Edition Version 4.0
Property name in the application client resource configuration tool: applies to the Application Client Resource Configuration Tool

Domain (property name in the Java-based administrative console)
Restrict SSO to servers in the domain you specify in this field. This domain name is used when creating HTTP cookies for Single Sign On. It determines the scope to which Single Sign On applies.

For example, a domain of austin.ibm.com would allow Single Sign On to work between WebSphere application server A at serverA.austin.ibm.com and WebSphere application server B at serverB.austin.ibm.com. Note that cross-domain Single Sign On is not supported. That is, a server at austin.lotus.com and another at austin.ibm.com cannot participate in WebSphere Single Sign On.

Enable Single Sign On (property name in the Java-based administrative console)
Causes your LTPA directory service to store extra information in the tokens so that other applications can accept clients as already authenticated by WebSphere Application Server. When clients try to access the other applications, they will not be interrupted and asked to log in.

When you enable Single Sign On, the Domain field will be enabled. You must enter a DNS domain name. See the Domain field description for more information. The Limit to SSL connections only check box and the Import Keys and Export Keys buttons will also be enabled.

Enable Web Trust Associations (property name in the Java-based administrative console)
When enabled, one or more trust associations will be active. Trust associations enable a third party reverse proxy server to perform authentication on behalf of the WebSphere Application Server security component. To do so, you need to create a corresponding interceptor for the reverse proxy server and determine how "trust" will be established between them. See the security documentation in the InfoCenter for additional information.

Limit to SSL connections only (property name in the Java-based administrative console)
Requires an SSL connection for Single Sign On, to prevent the SSO token from flowing over non-secure connections. When this is set, form-based authentication will not work when resources are accessed over HTTP. The resources can be accessed only over HTTPS.

If this property is set and form-based login is used for authentication, the resources can be accessed only using secure connections (HTTPS). Connections that are not secure (HTTP) will not work. If basic login is used for authentication and the access is through a connection that has not been secured, then SSO will not work. The user will be prompted to log in again.

Token Expiration (property name in the Java-based administrative console)
The number of minutes that can pass before a client using an LTPA token must authenticate again. LTPA uses tokens to store the authenticated status of a client.

A positive integer indicates the token life, in minutes.
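
The following Python sketch is an added example, not IBM code: it models how the Domain, Limit to SSL connections only and Token Expiration settings together decide whether an SSO token accompanies a request and is still accepted. It assumes the SSO cookie follows standard cookie domain matching (RFC 6265) and that the SSL-only setting behaves like the cookie Secure attribute; `SsoSettings`, `domain_matches` and `sso_token_usable` are hypothetical names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit


@dataclass(frozen=True)
class SsoSettings:
    """Hypothetical container for the three properties described above."""
    domain: str                # "Domain" field, e.g. austin.ibm.com
    ssl_only: bool             # "Limit to SSL connections only"
    token_expiration_min: int  # "Token Expiration", in minutes


def domain_matches(host: str, cookie_domain: str) -> bool:
    """Assumed RFC 6265 domain-match: host equals the domain or is a
    subdomain of it. A bare suffix test without the dot would wrongly
    accept hosts such as notaustin.ibm.com."""
    host = host.lower().rstrip(".")
    cookie_domain = cookie_domain.lower().strip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def sso_token_usable(settings, url, issued_at, now):
    """Return (usable, reason) for a token issued at `issued_at`
    when the client requests `url` at time `now`."""
    if settings.token_expiration_min <= 0:
        raise ValueError("Token Expiration must be a positive integer (minutes)")
    parts = urlsplit(url)
    if not parts.hostname or not domain_matches(parts.hostname, settings.domain):
        return False, "host outside SSO domain"
    if settings.ssl_only and parts.scheme != "https":
        return False, "token not sent over non-SSL connection"
    if now - issued_at >= timedelta(minutes=settings.token_expiration_min):
        return False, "token expired"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample settings and requests, using the hosts named on this page.
    cfg = SsoSettings(domain="austin.ibm.com", ssl_only=True, token_expiration_min=120)
    issued = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    now = issued + timedelta(minutes=30)
    for url in ("https://serverA.austin.ibm.com/app",
                "https://serverB.austin.ibm.com/app",
                "http://serverB.austin.ibm.com/app",
                "https://austin.lotus.com/app"):
        print(url, sso_token_usable(cfg, url, issued, now))
```
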
