在自定义Web应用程序中生成LTPAToken 2 [英] Generate LTPAToken 2 in custom Web Application
问题描述
我们希望通过一些IBM Domino / Websphere产品和一个自定义Web应用程序实现SSO基础架构。所有IBM产品都配置为SSO。因此,WebSphere Application Server 8在成功登录其中一个IBM产品后生成LTPAToken2。我们希望为自己的自定义Web应用程序实现相同的行为。登录此Web应用程序后,应生成LTPAToken2。
因此我的问题:是否可以在我们的自定义Web应用程序中生成有效的LTPAToken2?或者,是否可以将WebSphere Application Server API用于此代?实现这一目标的步骤是什么?目前,我们的自定义Web应用程序不是托管在WAS中,而是托管在Tomcat上。
We want to realize a SSO-infrastructure with some IBM Domino / Websphere products and one custom web application. All IBM products are configured for SSO. Therefore, the WebSphere Application Server 8 generates an LTPAToken2 after successful login in one of the IBM products. We want to achieve the same behaviour for our own custom web application. After login into this web app, a LTPAToken2 should be generated. Therefore my question: Is it possible to generate a valid LTPAToken2 in our custom web application? Or maybe, is it possible to use the WebSphere Application Server APIs for this generation? Which steps would be nessecary to achieve this? At the moment, our custom web application is not hosted in a WAS, but on a Tomcat.
谢谢和最好的问候
Ben
Thanks and best regards Ben
推荐答案
只要您的应用程序托管在tomcat服务器上是不可能的。 IBM没有用于创建 LTPA 令牌的开放API。
As long as you have your application hosted on a tomcat server that is not possible. There is no open API from IBM for creating LTPA tokens.
如果您拥有相同的用户目录并使用标准的Java安全机制,则可以将您的应用程序移至 WAS ,配置SSO。您不仅可以在登录Web应用程序时创建 LTPA 令牌而无需进一步配置。
If you would have had the same user directory and using standard Java Security Mechanisms you could move your application to WAS, where SSO is configured. Not only would it be possible, your LTPA tokens would be created on login to your web application without any further configuration.
由于它似乎有两个不同用户目录的解决方案,共享相同的用户ID而不是密码,您需要采取其他措施来实现SSO。
As it seems have a solution with two different user directories, sharing the same user id but not the password, you need to take other measures to achieve SSO.
- 一种是使用Access Manager软件处理所有应用程序的登录,
- A第二个解决方案是编写一些自定义代码。登录tomcat服务器可以生成自定义cookie。您需要编写代码来生成此cookie。然后,您可以编写TAI以在WebSphere服务器上拦截它,从而接受登录。 TAI将在容器中配置,而不是在单独的应用程序本身中配置。 (示例)
- 我还假设你可以通过编写servlet过滤器来处理登录而不是TAI来解决这个问题。
这篇关于在自定义Web应用程序中生成LTPAToken 2的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
