You can programmatically perform downstream Single Sign On (SSO) web propagation of a Lightweight Third Party Authentication (LTPA) cookie without the need for an application to store and send user credentials.
WebSphere® Application Server provides API support to propagate an LtpaToken2 cookie to downstream web single sign-on applications.
Web applications running in mid-tier WebSphere servers might need to propagate LtpaToken2 cookies on downstream web invocations. In this release of WebSphere Application Server, a new Application Programming Interface (API) is provided for application developers to programmatically perform downstream SSO without the need for an application to store and send user credentials.
    /**
     * Extracts an LTPA sso token from the subject of current
     * thread and builds a ltpa cookie out of it for use on
     * downstream web invocations.
     * When the returned value is not null use Cookie methods
     * getName() and getValue() to set the Cookie header
     * on an http request with header value of
     * Cookie.getName()=Cookie.getValue()
     *
     * @return an object of type javax.servlet.http.Cookie.
     *
     */

    import javax.servlet.http.Cookie;
    import com.ibm.websphere.security.WSSecurityHelper;

    // Build the LtpaToken2 cookie from the SSO token on the current thread.
    Cookie ltpaCookie = WSSecurityHelper.getLTPACookieFromSSOToken();

    ltpaCookie.getName()=ltpaCookie.getValue()

    HttpMethod method = ...; // new your HttpMethod based on the
                             // target URL for the web application
    // Attach the cookie only when an SSO token was available.
    if (ltpaCookie != null)
        method.setRequestHeader("Cookie", ltpaCookie.getName() + "=" + ltpaCookie.getValue());
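The LtpaToken2 cookie is a bearer credential for the current user, so the code that propagates it should control where it is sent. The following is an added example, not IBM's code: it wraps the API call above in a helper that attaches the cookie only for HTTPS targets on an allowlist. It uses java.net.HttpURLConnection rather than the HttpMethod client in the snippet above, assumes it runs inside WebSphere Application Server, and the names DownstreamSso, openWithLtpaCookie and allowedHosts are hypothetical.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.Cookie;
import com.ibm.websphere.security.WSSecurityHelper;

// Added example: DownstreamSso, openWithLtpaCookie and allowedHosts are hypothetical names.
public final class DownstreamSso {

    private DownstreamSso() {}

    /**
     * Opens a connection to a downstream SSO application and attaches the
     * caller's LtpaToken2 cookie. The cookie is only attached for HTTPS
     * targets whose host is in allowedHosts (entries assumed lowercase).
     */
    public static HttpURLConnection openWithLtpaCookie(URL target, Set<String> allowedHosts)
            throws Exception {
        if (!"https".equalsIgnoreCase(target.getProtocol())) {
            throw new SecurityException("LTPA cookie is only propagated over HTTPS");
        }
        String host = target.getHost().toLowerCase(Locale.ROOT);
        if (!allowedHosts.contains(host)) {
            throw new SecurityException("Not an approved downstream SSO target: " + host);
        }

        // Built from the SSO token in the Subject of the current thread.
        // The value can be null, so check before building the header.
        Cookie ltpaCookie = WSSecurityHelper.getLTPACookieFromSSOToken();
        if (ltpaCookie == null) {
            throw new IllegalStateException("No LTPA SSO token on the current thread");
        }

        HttpURLConnection conn = (HttpURLConnection) target.openConnection();
        // Redirects are not followed automatically, so the caller can check a
        // Location target against the allowlist before sending the cookie again.
        conn.setInstanceFollowRedirects(false);
        conn.setRequestProperty("Cookie", ltpaCookie.getName() + "=" + ltpaCookie.getValue());
        return conn;
    }
}
```

Avoid writing the cookie value to application logs or error messages, since anyone who obtains it can present it to other servers in the same SSO domain until the token expires.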