IBM Security Verify

  • 1.  Include Group Info in the LTPA token

    Posted Thu August 15, 2019 01:28 PM
    We are trying to do an SSO with LTPA between ISAM and MDM (hosted on WebSphere Application Server).
    Currently the LTPA token has only the user DN information and no groups are included. Is there any way we can include the user group info in the LTPA token from ISAM?

    ------------------------------
    Venkat
    ------------------------------


  • 2.  RE: Include Group Info in the LTPA token

    Posted Thu August 15, 2019 01:55 PM
    Hello,

    The built-in LTPA token support in WebSEAL doesn't provide capability to include additional attributes.

    HOWEVER...

    If you have entitlement to the Federation add-on, this has an LTPA token module which can generate tokens with additional attributes (based on a mapping rule in the trust chain). You can have WebSEAL call this module to get an LTPA token (and send it in a cookie) using the "TFIM SSO" function.

    Jon.


    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------