LTPA - Lightweight Third-Party Authentication is a IBM provided mechanism to achieve Single Sign-On between IBM WebSphere servers and Lotus Domino servers. Once a user is successfully authenticated a LTPA token will be stored as a cookie in the user's web browser, providing who the authenticated user is to other servers in the same configured SSO domain.
LTPA - Lightweight Third-Party Authentication is a IBM provided mechanism to achieve Single Sign-On between IBM WebSphere servers and Lotus Domino servers. If the server is configured to use LTPA, the server first checks for a valid LTPA token for the SSO domain the server has been configured for. If the LTPA token is not yet present the user must authenticate normally.
Technology
In order for a server to use the LTPA authentication mechanism, it must first be configured to do so. When configuring the usage of LTPA between servers, the servers must be in the same domain (also configured in the LTPA configuration) and use the same LTPA SSO key as each other. Once the user has been authenticated the first time, the server creates two cookies: LtpaToken and LtpaToken2. The latter is the latest version of the token, the former is used for backward compability with older servers. The cookies are encrypted and contains (as a minimum requirement) the user's login.
When the same user accesses another server in the same SSO domain, the user will not need to re-authenticate. The server will read the LTPA token and after validating it accept the users authentication.
The LTPA token is time sensitive and will eventually expire. As a result it is important that the time on the server is synchronized as the server might otherwise consider a fully valid token as invalid. How long the token is valid for is configured on the server.
