With the LTPA authentication mechanism, the client generates a binary security token, and it imbeds the token in the SOAP message. The server extracts the token and uses a Java Authentication and Authorization Service (JAAS) login module to validate the token. For an overview of the LTPA authentication mechanism, see Lightweight Third-party Authentication (LTPA) method.
Note: LTPA authentication is supported for server Web services only, including Web service applications that act as clients to other Web services. A pure Web service client (that is, a client that is not also a Web service) cannot authenticate with LTPA.
However, you can configure multiple authentication mechanisms for a Web service. In a scenario with multiple Web services and Web services clients, you can configure the clients to authenticate with a different authentication mechanism. You can then configure the Web services to authenticate with LTPA.
Note: To use the LTPA authentication mechanism for Web services, you must configure WebSphere global security and the LTPA authentication mechanism. For more information, see Configure global security and Configure the authentication mechanism in the Security topic.
Perform these steps to configure LTPA authentication for your Web service:
Configure the client for LTPA token authentication
This topic describes how to configure LTPA authentication for a Web service that acts as a client.
Configure the server for LTPA token authentication
This topic describes how to configure LTPA authentication for your Web service application.
(Optional) Configure a pluggable token
If you have developed custom token generation and validation, see this topic for information about configuring your pluggable token. For more information, see Pluggable token support.