6.6.18.0.3: Properties for configuring security using Lightweight Third Party Authentication (LTPA)
Key:
Applies to Java administrative console of Advanced Edition Version 4.0
Applies to Web administrative console of Advanced Single Server Edition Version 4.0
Applies to Application Client Resource Configuration Tool
-
Domain
- Restrict SSO to servers in the domain you specify in this field. This domain name is used when creating HTTP cookies for Single Sign On. It determines
the scope to which Single Sign On applies.
For example, a domain of austin.ibm.com would
allow Single Sign On to work between WebSphere application server A at serverA.austin.ibm.com
and WebSphere application server B at serverB.austin.ibm.com. Note that cross-domain
Single Sign On is not supported. That is, a server at austin.lotus.com and another
at austin.ibm.com cannot participate in WebSphere Single Sign On.
-
Enable Single Sign On
- Causes your LTPA directory service to store extra information in the tokens so
that other applications can accept clients as already authenticated by WebSphere
Application Server. When clients try to access the other applications, they will
not be interrupted and asked to log in.
When you enable Single Sign On, the Domain field will be enabled. You must enter a DNS domain
name. See the Domain field description for more information. The Limit to SSL connections only
check box will also be enabled, as will the Import Keys and Export Keys buttons.
-
Enable Web Trust Associations
- When enabled, one or more trust associations will be active. Trust associations enable a third party reverse proxy server to perform authentication on behalf of the WebSphere Application Server security component. To do so, you need to create a corresponding interceptor for the reverse proxy server and determine how "trust" will be established between them. See the security documentation in the InfoCenter for additional information.
-
Limit to SSL connections only
- Requires an SSL connection for Single Sign On, to prevent the SSO token from
flowing over non-secure connections.
If this property is set and form-based login is used for authentication, the resources can be accessed
only over secure connections (HTTPS); connections that are not secure (HTTP) will not work. If basic
login is used for authentication and the access is through a connection that has not been secured,
then SSO will not work. The user will be prompted to log in again.
-
Token Expiration
- The number of minutes that can pass before a client using an LTPA token must authenticate again. LTPA uses tokens to store the authenticated status of a client.
A positive integer indicates the token life, in minutes.
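
The following JavaScript sketch is an added example, not code from the InfoCenter or from WebSphere. It models how the Domain, Limit to SSL connections only, and Token Expiration settings together decide whether a browser presents the SSO token and whether it is still honored; the ssoConfig field names, the 120-minute value and the sample request URLs are assumptions constructed for illustration.

```javascript
// Added illustration, not WebSphere code. Field names are hypothetical stand-ins
// for the console properties described above.
const ssoConfig = {
  domain: "austin.ibm.com",    // Domain (value from the page's example)
  sslOnly: true,               // Limit to SSL connections only
  tokenExpirationMinutes: 120  // Token Expiration (constructed value)
};

// Cookie domain-match (RFC 6265): the host equals the domain or is a subdomain
// of it. The "." boundary keeps evilaustin.ibm.com out of austin.ibm.com.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// sent: would the browser attach the SSO cookie to this request?
// authenticated: would the server still honor the token it carries?
function ssoDecision(requestUrl, issuedAtMs, nowMs, cfg = ssoConfig) {
  const url = new URL(requestUrl);
  if (!domainMatches(url.hostname, cfg.domain)) {
    return { sent: false, authenticated: false, reason: "outside SSO domain" };
  }
  if (cfg.sslOnly && url.protocol !== "https:") {
    return { sent: false, authenticated: false, reason: "non-secure connection" };
  }
  const ageMinutes = (nowMs - issuedAtMs) / 60000;
  if (ageMinutes >= cfg.tokenExpirationMinutes) {
    return { sent: true, authenticated: false, reason: "token expired" };
  }
  return { sent: true, authenticated: true, reason: "ok" };
}

// Constructed sample requests, 30 minutes after login unless noted.
const t0 = Date.UTC(2024, 0, 1, 9, 0);
const min = 60000;
for (const [u, now] of [
  ["https://serverA.austin.ibm.com/app", t0 + 30 * min],
  ["https://serverB.austin.ibm.com/app", t0 + 30 * min],
  ["https://austin.lotus.com/app", t0 + 30 * min],
  ["http://serverB.austin.ibm.com/app", t0 + 30 * min],
  ["https://serverB.austin.ibm.com/app", t0 + 121 * min]
]) {
  console.log(u, ssoDecision(u, t0, now));
}
```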