Configure the Web services client for LTPA token authentication

When a client authenticates to WebSphere Application Server - Express, the credential that is created contains an LTPA token. You can configure a Web service to send the LTPA token when it calls a downstream Web service.

Note: You can only configure client LTPA authentication for a Web service that calls another Web service. Do not attempt to configure LTPA from a pure client. For the downstream Web service to validate the LTPA token, the LTPA keys must be the same for both servers.

Do not configure the client for LTPA token authentication unless LTPA is the configured authentication mechanism for WebSphere Application Server - Express. For more information, see Configure the authentication mechanism in the Security topic.

Perform the following steps to specify LTPA token authentication for your Web services client:

  1. Open the webservicesclient.xml file in the Web Services Client Editor of the WebSphere Development Studio Client for iSeries. For more information, see Configure your Web services application.

  2. Click the Security Extensions tab.

  3. Expand the Request Sender Configuration --> Login Config settings.

  4. Select LTPA as the authentication method.

  5. Save the file.

Next, perform the following steps in the Web Services Client Editor to configure how the LTPA information is collected:

  1. Click the Port Binding tab.

  2. Expand the Security Request Sender Binding Configuration --> Login Binding settings.

  3. Click Edit to view the login binding information and select LTPA. If LTPA is not listed, enter it as an option. The login binding dialog is displayed.

  4. Select or enter the following information:

    Name: Authentication method
    Purpose: The authentication method specifies the type of authentication that occurs. Select LTPA to use identity assertion.

    Name: Token value type URI and Token value type local name
    Purpose: When you select LTPA, you must edit the token value type URI and the local name fields. These values are specified for custom authentication types, which are authentication methods that are not mentioned in the Web services security specification.
      • For token value type URI, enter http://www.ibm.com/websphere/appserver/tokentype/5.0.2.
      • For local name, enter LTPA.

    Name: Callback handler
    Purpose: The callback handler specifies the Java Authentication and Authorization Service (JAAS) callback handler implementation for collecting the LTPA information. Specify the com.ibm.wsspi.wssecurity.auth.callback.LTPATokenCallbackHandler implementation for LTPA.

    Name: Basic authentication user ID and Basic authentication password
    Purpose: For LTPA, you can leave these fields empty.

    Name: Property name and Property value
    Purpose: For LTPA, you can leave these fields empty.