please help me to find how to handle ltpa token …and what parameter we should pass to handle ltpa token…how to use ltpa token in apigee…
@MDAAMIR HASSAN , Welcome to Apigee Community ,
Can you explain more what is the context in Apigee related to LTPA token ? Do you want to generate same ? validate same ? Just want to pass through to target server ? What do you mean “handle” / “use” in above question ?
1 Like
I’m sorry, I’m still not clear on what you would like the message flows to be.
Can you describe it in a sequence diagram?
I think English may not be your first language. Unfortunately I am not able to understand clearly what you are explaining.
I think you are asking about a Websphere-generated LTPA token, as described here.
If you want Apigee Edge to pass-through an LTPA token… no problem.
If you want Apigee Edge to decrypt an LTPA token that has been issued by IBM WebSphere, then … That will be a problem. The token is encrypted with 3DES and the key is known only to the Websphere server. You could
- extract the key and store it in secure storage on Apigee Edge (Encrypted KVM)
- Write a Java callout (relying on code like this) to decrypt the LTPA token in Apigee Edge
- Optionally, verify the signature on the cookie. This would use a public/private key pair. I don’t know the exact details.
This seems feasible, but I’ve never done it.
You could hire an Apigee Edge consultant to do the work for you.
Yes I want Apigee Edge to pass through an LTPA token…Can you please Explain how to do this?