Modify the single sign-on token factory configuration to use a token factory other than the default token factory. When the default single sign-on token is generated, the application server utilizes the TokenFactory class that is specified using the com.ibm.wsspi.security.token.singleSignonTokenFactory property. Use the administrative console to modify the property.

The com.ibm.ws.security.ltpa.LTPAToken2Factory token factory is the default that is specified for this property. This token factory creates a single sign-on (SSO) token called LtpaToken2, which WebSphere Application Server uses for propagation. This token factory uses the AES/CBC/PKCS5Padding cipher.

If you change this token factory, you lose interoperability with any servers running a version of WebSphere Application Server prior to version 5.1.1 that use the default token factory. Only servers running WebSphere Application Server Version 5.1.1 or later with propagation enabled are aware of the LtpaToken2 cookie. If all of your application servers use WebSphere Application Server Version 5.1.1 or later and all of your servers use your new token factory, this awareness is not a problem.

- Open the administrative console.
- Click Security > Global security.
- Under Authentication, click Custom properties.