One of my client wants to disable the LTPA token auto-generation process of MobileFirst WAS Liberty environment.
How to disable it or is this possible ?
Our Environment:
- MobileFirst 6.3
- WAS Liberty Core v8.5.5.4
- Windows Server 2012 R2
Asked
Active
Viewed 585 times
2
-
Any reason why you want to disable it? – Gas Aug 11 '15 at 10:23
2 Answers
2
The LTPA token is not generated by MobileFirst. It is being generated by WebSphere Liberty profile.
I could not find documentation stating on how to disable this behavior, although it sounds to me like the auto-regeneration is part of how LTPA is supposed to work.
According to the documentation the default expiration value for the token is 120 minutes, so perhaps if you'll set it to -1 or 0 or 'disable/d' it'll have the desired effect: https://www-01.ibm.com/support/knowledgecenter/was_beta_liberty/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_sec_ltpa.html
Or, you could set it to a very high value, like, years (in minutes). But I think you should let it auto-generate because it's supposed to.
In any case, in WebSphere Full profile there is a way to stop generating the file as well as control when it gets auto-generate: http://www-01.ibm.com/support/knowledgecenter/SSEQTP_6.1.0/com.ibm.websphere.base.doc/info/aes/ae/tsec_ssldisableltpakeygen.html?cp=SSEQTP_6.1.0%2F1-7-9-9-0-1-3-3
Idan Adar
- 44,156
- 13
- 50
- 89
-
-
Note the update I added: "Or, you could set it to a very high value, like, years (in minutes). But I think you should let it auto-generate because it's supposed to." -- otherwise, it's just not supported by Liberty IMO. – Idan Adar Aug 12 '15 at 12:47
1
You can disable the LTPA token generation if you check the webAppSecurity options.
By default there might be no webAppSecurity tag available.
Using the following config you can disable the SSO function which is triggering the LTPA token.
<webAppSecurity useAuthenticationDataForUnprotectedResource=“false” />
more information here
Stefan Schmitt
- 165
- 9