You can programmatically perform downstream single sign-on (SSO) web propagation of a Lightweight Third Party Authentication (LTPA) cookie without the need for an application to store and send user credentials.
WebSphere® Application Server provides API support to propagate an LtpaToken2 cookie to downstream web single sign-on applications.
Web applications running in mid-tier WebSphere servers might need to propagate LtpaToken2 cookies on downstream web invocations. In this release of WebSphere Application Server, a new Application Programming Interface (API) is provided for application developers to programmatically perform downstream SSO without the need for an application to store and send user credentials.
/**
 * Extracts an LTPA SSO token from the subject of the current
 * thread and builds an LTPA cookie out of it for use on
 * downstream web invocations.
 * When the returned value is not null, use the Cookie methods
 * getName() and getValue() to set the Cookie header
 * on an HTTP request with a header value of
 * Cookie.getName()=Cookie.getValue()
 *
 * @return an object of type javax.servlet.http.Cookie.
 */
import javax.servlet.http.Cookie;
import com.ibm.websphere.security.WSSecurityHelper;

// The returned cookie can be null, so check it before use.
Cookie ltpaCookie = WSSecurityHelper.getLTPACookieFromSSOToken();

// Create your HttpMethod based on the target URL for the web application.
HttpMethod method = ...;

// Set the Cookie header to a value of the form
// ltpaCookie.getName()=ltpaCookie.getValue()
if (ltpaCookie != null) {
    method.setRequestHeader("Cookie", ltpaCookie.getName() + "=" + ltpaCookie.getValue());
}
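
The following is an added example, not code from the WebSphere documentation: a complete downstream call that treats the LTPA cookie as a credential and sends it only over HTTPS to a known host. The class name DownstreamSsoClient, the TRUSTED_HOSTS allow-list, the host downstream.example.com and the use of java.net.HttpURLConnection in place of HttpMethod are assumptions made for illustration; only WSSecurityHelper.getLTPACookieFromSSOToken() comes from the text above.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Collections;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.Cookie;
import com.ibm.websphere.security.WSSecurityHelper;

/** Hypothetical helper (not part of WebSphere): forwards the caller's LTPA cookie downstream. */
public class DownstreamSsoClient {

    // Assumption: the downstream SSO hosts are known in advance. Placeholder host name.
    private static final Set<String> TRUSTED_HOSTS =
            Collections.singleton("downstream.example.com");

    /** Calls the target with the current thread's LTPA cookie and returns the HTTP status. */
    public static int call(URL target) throws Exception {
        // Anyone who holds the LTPA cookie can act as the user, so it is sent
        // only over TLS and only to hosts on the allow-list.
        String host = target.getHost().toLowerCase(Locale.ROOT);
        if (!"https".equalsIgnoreCase(target.getProtocol())
                || !TRUSTED_HOSTS.contains(host)) {
            throw new SecurityException("Refusing to send LTPA cookie to host: " + host);
        }

        // The API can return null; in that case there is nothing to propagate.
        Cookie ltpaCookie = WSSecurityHelper.getLTPACookieFromSSOToken();
        if (ltpaCookie == null) {
            throw new IllegalStateException("No LTPA cookie available for the current thread");
        }

        HttpURLConnection conn = (HttpURLConnection) target.openConnection();
        try {
            conn.setRequestMethod("GET");
            // Redirects are not followed, so the request goes only to the checked target.
            conn.setInstanceFollowRedirects(false);
            // Header value has the form name=value; the value itself is never logged.
            conn.setRequestProperty("Cookie",
                    ltpaCookie.getName() + "=" + ltpaCookie.getValue());
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }
}
```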