Web services security supports both LTPA (Version 1) and LTPA Version 2 (LTPA2) tokens. The LTPA2 token, which is more secure than Version 1, is supported by the JAX-WS runtime only.
The Lightweight Third Party Authentication (LTPA) token is a specific type of binary security token. The web services security implementation for WebSphere Application Server, Version 5 and later supports the LTPA Version 1 token. WebSphere Application Server Version 7 and later supports the LTPA Version 2 token using the JAX-WS runtime environment.
LTPA Version token | Valuetype value |
---|---|
LTPA (Version 1) | http://www.ibm.com/websphere/appserver/tokentype/5.0.2/LTPA |
LTPA2 | http://www.ibm.com/websphere/appserver/tokentype/LTPAv2 |
To allow for interoperability between servers that are running different versions of WebSphere Application Server, by default, the JAX-WS web services security runtime in Version 7.0 and later can successfully consume an LTPA Version 1 token when the binding is configured to expect an LTPA2 token. However, you can configure the binding for the JAX-WS runtime to accept only LTPA2 tokens. For more information, see the documentation about Authentication generator or consumer token settings.
If the web services security run time receives a token with a unrecognized valuetype value and the SOAP security header contains a mustUnderstand attribute value that is equal to '1', the web services security run time issues a SOAPFaultException error. If the mustUnderstand attribute value is equal to '0', the token is ignored.
Run time | LTPA Version 1 token status | MustUnderstand attribute value | SOAPFaultException error |
---|---|---|---|
JAX-RPC | Required | 1 | com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5509E: A security token whose type is [{http://www.ibm.com/websphere/appserver/tokentype/5.0.2}LTPA] is required. |
JAX-RPC | Required | 0 | com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5509E: A security token whose type is [{http://www.ibm.com/websphere/appserver/tokentype/5.0.2}LTPA] is required. |
JAX-RPC | Optional | 1 | com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5502E: Unexpected element as the target element: s:BinarySecurityToken. |
JAX-RPC | Optional | 0 | None |
JAX-RPC | Not Configured | 1 | com.ibm.wsspi.wssecurity.SoapSecurityException: WSEC5502E: Unexpected element as the target element: s:BinarySecurityToken. |
JAX-RPC | Not Configured | 0 | None |
JAX-WS (Version 6.1 Feature Pack for Web Services) | Not Configured | 1 | CWWSS5502E: The target element: s:BinarySecurityToken was not expected. |
JAX-WS (Version 6.1 Feature Pack for Web Services) | Not Configured | 0 | None |
JAX-WS (Version 6.1 Feature Pack for Web Services) | Configured | 1 | CWWSS5509E: A security token whose type is [{http://www.ibm.com/websphere/appserver/tokentype/5.0.2}LTPA] is required. |
JAX-WS (Version 6.1 Feature Pack for Web Services) | Configured | 0 | CWWSS5509E: A security token whose type is [{http://www.ibm.com/websphere/appserver/tokentype/5.0.2}LTPA] is required. |