IS there any way to validate LTPA token previously generated from IBM Tivoli federated Websphere Application Server in my nodejs application. I have checked "ldapjs", but I could not find something to validate LTPA token.
Asked
Active
Viewed 909 times
2 Answers
2
I have written a small library for this purpose: https://www.npmjs.com/package/ltpa
Once you've extracted your server key you can use the library to validate, and generate LtpaTokens.
Markus Berg
- 21
- 4
-
I've tried your library (thank you for your work) but how to implement it with a server to server (kerberos environment) key? I don't have the server key but an administrative username – TecHunter Mar 31 '16 at 14:18
-
The library is only useful if you have access to the server Ltpa secret. I'm not sure what you mean by server-to-server. – Markus Berg Apr 06 '16 at 12:03
-
I have a websphere with ltpa token against an AD using ldap. the websphere is configured with a service user to check user credential against the AD then on success will generate the ltpa token. This lib is only to generate the ltpa right? I have the 3DESKey of the server (extracted from server's config) but not sure what is the server key here... – TecHunter Apr 06 '16 at 12:53
-
1To be honest, I'm not entirely sure myself. I've never used websphere, so my only experience with Ltpa has been with IBM Domino. It might be that the Ltpa version used by Domino differs from the one used by Websphere: ftp://ftp.software.ibm.com/software/integration/datapower/library/prod_docs/Misc/UnderstandingLTPA-v1.pdf – Markus Berg Apr 07 '16 at 15:22
-
mine is LtpaToken2 not the first one... that might explains it. thanks though! – TecHunter Apr 08 '16 at 08:19
0
There is an Java API related with WSLogin - which allows to validate LTPA. (Technically a re-login here)
But I dont think you can use this with Nodejs.
But my preferred way is to use the BASIC authentication using the URL post from your app.
This requires a provider (Websphere) to expose a URL for you.
Jagan Sivanesan
- 59
- 5