1

I'm developing a smartphone app to run under iOs, which will call Websphere OpenSCA components, via Web Service bindings. I want to protect the Web Services using an LTPA token in a WSSE-Security binaryToken.

The client wants to have users sign on with a customer id (8 digits) and 3-of-6 PAC digits.

I was thinking of writing a WAS TAI to handle the authentication, but I'm not sure if I can then obtain an LTPA token, and send it back to the iOS app, where it would be used as part of follow on Web Service calls, as described above.

Does anyone have any ideas, or advice on how I might proceed?

Cheers, Con

Greycon
  • 793
  • 6
  • 19

1 Answers1

0

Please check this. The TAI itself does not generate the LTPA token, but it creates the TAIResult which will be used by WebSphere to build the LTPA token. I expect you need to have an endpoint that you protect using the TAI or where the TAI will listen too (TAI will be called on all non authenticated requests to protected resources by default, but you could add logic in the TAI to only listen to specific end points

http://www.ibm.com/developerworks/websphere/techjournal/0508_benantar/0508_benantar.html

Stefan Schmitt
  • 165
  • 9
  • Hi Stefan, I had long since forgotten about this. In the end I went with external authentication, and this external IDP generates a signed SAML assertion, which WebSphere consumes, to generate the required security context. – Greycon Apr 14 '15 at 16:13
  • thought even if it is old it might be good for someone else. Going to an external IdP and just consume the SAML assertion sounds like a great idea. That way you can change the authentication behaviour without the need to touch the server running the application logic. I have something similar running myself – Stefan Schmitt Apr 14 '15 at 18:33
  • Link is broken, could you please update. – cyper Aug 17 '23 at 12:37