Reputation: 131
As this is the first time I am working with WebSphere Application Server and with the LTPA token, I am having multiple issues. I have installed WebSphere Application Server 9.0 and created an Active Directory LDAP server on Windows, and tried to integrate it with the WAS. However, I came across this error.
And coming to the issue: I have deployed an application in WebSphere Application Server, and it has a basic login.
I have already imported the LTPA cookies from WAS 9.0 and enabled SSO in Global security > Single sign-on (SSO).
When I log in to the application hosted in the WAS, I am not able to get the LTPA2 token in the cookies or in the URL.
However, the sole purpose is to generate an LTPA2 token from the WebSphere Application Server
and to decrypt it using the link. The LTPA2 token will be generated in the WAS, and the other applications will be deployed in Tomcat, and to create an SSO between them.
Please help me with any alternative approach, as creating SSO with the WAS and the Tomcat using LTPA is the case.
Upvotes: 3
Views: 1323
Reputation: 18050
The other, simpler approach would be just to use Open Liberty instead of Tomcat, which I suggested in the other thread. Usually there is no benefit to using Tomcat over Open Liberty, and the LTPA token will work just via configuration in Liberty and can integrate with any older WebSpheres you have in your environment.
Upvotes: 1
Reputation: 636
Directly using LTPA in Tomcat is not possible unless you use 3rd-party token services. The better way to have an SSO experience between WebSphere and Tomcat is to use Windows ADFS as the SSO server instead of LDAP. You can set up ADFS as either a SAML identity provider or an OpenID Connect provider, and set up WebSphere and Tomcat as SAML or OIDC relying parties to ADFS. The ADFS server will be your SSO server; users only need to log in to ADFS once and will be authenticated to both WebSphere and Tomcat automatically.
If you cannot use ADFS, you could set up one dedicated WebSphere Liberty server as an OpenID Connect server (which can be configured to use Windows LDAP as the user registry), and use the OpenID Connect server as the SSO server for both WebSphere and Tomcat. Similar to the ADFS case, the user is only required to log in to Liberty once and will be logged in to both WebSphere and Tomcat automatically. Note that here the Liberty OIDC server plays the role of translating the LTPA token into an OIDC token which can be consumed by Tomcat.
Upvotes: 2
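To make the "relying party" half of the answer above concrete: whichever provider issues the ID token (ADFS or a Liberty OIDC server), the Tomcat side is only as secure as the checks it runs on that token before it treats `sub` as the logged-in user. The following is an added example written for this page, not code from the original post, from Tomcat, WebSphere, Liberty or ADFS, and it is in Go rather than Java purely so it can run self-contained. `MintIDToken` stands in for the provider and `VerifyIDToken` for the relying party; the issuer URL `https://idp.example.test`, the client id `tomcat-app`, the nonce values and the throwaway RSA key are all constructed for the demo (a real relying party fetches the provider's public key from its JWKS endpoint). Two simplifications are labelled in comments: `aud` is modelled as a single string although the spec also allows an array, and no clock-skew allowance is applied to `exp`.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// IDTokenClaims holds the ID-token claims a relying party must check before it
// trusts "sub" ("aud" is kept a single string here; the spec also allows an array).
type IDTokenClaims struct {
	Iss   string `json:"iss"`
	Sub   string `json:"sub"`
	Aud   string `json:"aud"`
	Exp   int64  `json:"exp"`
	Nonce string `json:"nonce"`
}

var b64 = base64.RawURLEncoding // JWTs use base64url without padding

// NewDemoKey makes a throwaway provider key for this demo; a real relying party
// fetches the provider's public key from its JWKS endpoint instead.
func NewDemoKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// MintIDToken stands in for the OpenID provider (ADFS, or the Liberty OIDC
// server from the answer): it RS256-signs the claims into a compact JWT.
func MintIDToken(key *rsa.PrivateKey, claims IDTokenClaims) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	payload, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// VerifyIDToken stands in for the relying party (the Tomcat application): pin
// the algorithm, verify the signature, then check iss, aud, exp and nonce.
func VerifyIDToken(pub *rsa.PublicKey, token, wantIss, wantAud, wantNonce string, now time.Time) (*IDTokenClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token: want header.payload.signature")
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if hb, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(hb, &header) != nil {
		return nil, errors.New("bad header")
	}
	// The RP fixes the algorithm, never the token: rejects "none" and HMAC downgrades.
	if header.Alg != "RS256" {
		return nil, fmt.Errorf("unexpected alg %q", header.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature verification failed")
	}
	var claims IDTokenClaims // parsed only after the signature is known to be good
	if pb, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(pb, &claims) != nil {
		return nil, errors.New("bad payload")
	}
	switch {
	case claims.Iss != wantIss:
		return nil, fmt.Errorf("issuer %q is not the configured provider", claims.Iss)
	case claims.Aud != wantAud:
		return nil, fmt.Errorf("token issued for %q, not this client", claims.Aud)
	case !now.Before(time.Unix(claims.Exp, 0)):
		return nil, errors.New("token has expired")
	case claims.Nonce != wantNonce:
		return nil, errors.New("nonce mismatch: token is not from this login attempt")
	}
	return &claims, nil
}

func main() {
	key, now := NewDemoKey(), time.Now()
	tok, _ := MintIDToken(key, IDTokenClaims{Iss: "https://idp.example.test", Sub: "alice",
		Aud: "tomcat-app", Exp: now.Add(5 * time.Minute).Unix(), Nonce: "n-42"})
	claims, err := VerifyIDToken(&key.PublicKey, tok, "https://idp.example.test", "tomcat-app", "n-42", now)
	fmt.Println(claims, err)
}
```

In a real Tomcat deployment this logic lives in the OIDC library or filter you front the application with, and the public key comes from the provider's discovery document and JWKS rather than being generated locally. The order matters: the algorithm is pinned by the relying party's configuration, the signature is verified before any claim is parsed, and only a token whose `iss`, `aud`, `exp` and `nonce` all match the current login attempt may establish a session. The same checks apply whether the provider is ADFS or the Liberty server that re-issues the LTPA-backed identity as an OIDC token.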