There is a helper function which can be used to see what the library does. To call it just run the jar file as a runnable jar, like the example bellow:
Lets start with a piece of an Wikipedia article...
"Lightweight Third-Party Authentication (LTPA), is an authentication technology used in IBM WebSphere and Lotus Domino products. When accessing web servers that use the LTPA technology it is possible for a web user to re-use their login across physical servers.
A Lotus Domino server or an IBM WebSphere server that is configured to use the LTPA authentication will challenge the web user for a name and password. When the user has been authenticated, their browser will have received a session cookie - a cookie that is only available for one browsing session. This cookie contains the LTPA token.
If the user – after having received the LTPA token – accesses a server that is a member of the same authentication configuration as the first server, and if the browsing session has not been terminated (the browser was not closed down), then the user is automatically authenticated and will not be challenged for a name and password. Such an environment is also called a Single-Sign-On (SSO) environment."
Ok. Now let me tell you about the problem I've faced and how to solve it.
To integrate your own solution of SSO (Single Sign On [http://en.wikipedia.org/wiki/Single_sign-on]) with IBM products which uses LTPA token v1 and v2 to authenticate users.
To encode and/or to decode tokens LTPA of version 1 and 2. To do that, I wrote a very basic API in Java which handles encoding and decoding of LTPA tokens. So, in order to integrate your SSO mechanism with an IBM server, you have to create two Session cookies with the LTPA tokens v1 and v2. The LTPA v1 token must be named as LtpaToken and the v2, LtpaToken2. Your SSO system must to create a UserMetadata (class from the library), call the encoding method from the TokenLTPAFactory and than to create the cookies to finally send them to the users browser.
I'll explain here how a Token LTPA is composed. If you don't want to know that and just use the API, jump to the next part of the article (Example):
Plain text token:
<token body>%<expiration time>%<signature>
Token body is composed by some of the following fields:
Ok. This is a complete token body, but a valid token can have just the username:
Exiration time is the same expiration time used in the token body.
The signature of a token depends of its version.The content of keys.properties is:
LTPA1 BASE64( RSA( SHA_DIGEST( token_body ) ) )
LTPA2 BASE64( SHA1_WITH_RSA( SHA_DIGEST( token_body ) ) )
Here is an example of how to decode a Token LTPA v2:
You can download the Java library from the link at the bottom of this page. The source code is inside
Please, let me know if this article helped you in some way.