we have a complex infrastructure with WebSEAL, WebSphere Portal and a couple of WebSphere AS' where we [obviously] want to set up SSO. we successfully configured TAI++ etc, but unfortunately the default LTPA2 token name ("LtpaToken2") is not acceptable for compatibility reasons and we want to change it. WebSphere AS 8.5, which we're using, has a special option in "General security -> Single Sign-on" to do so, but that doesn't work; no matter what we enter, the token issued is still named "LtpaToken2" (well, yes we restarted the AS apparently ;P).

is it something known around the WebSphere community? afaiu this can be customized by implementing a token factory and a token interceptor/validator (i.e. as is suggested here: Generate LTPAToken 2 in custom Web Application), but i'd expect the edit-box that supposedly does so to actually work.

BTW, i take it that renaming LTPA2 tokens is not at all possible in earlier WebSphere versions?

Yog Sothoth

1 Answer

It is definitely possible since v8. I've tested it on 8.5.5.1 and it works fine (I can set the LTPA cookie to any name). Verify your settings by accessing WAS directly, for example the admin console, not via TAM. Your problem might be related to WebSEAL and TAI.

I don't quite understand what you mean by ltpatoken2 not being acceptable for compatibility reasons. It was always like that, so changing it will introduce incompatibilities rather than keeping the default.

Gas
  • it is indeed changed in WAS' settings, but that is not reflected when authentication actually happens. we integrate with a legacy system that uses their own LTPA 2 tokens. if we keep the same name - they apparently conflict, and it can't be changed on the other system's side. – Yog Sothoth Jan 28 '15 at 13:48
  • @konkere As I wrote - it works fine in 8.5.5.1 - the authentication successfully happens with LTPA cookie set to `mycookie`. No ltpatoken2 cookie is created. – Gas Jan 28 '15 at 16:48
  • yes, you're totally right, i did some more testing and what you say is indeed true. most likely the issue is either with WebSEAL or TAI config. thanks anyway! – Yog Sothoth Jan 28 '15 at 19:33