This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to handle WebSphere LTPA token in Apigee Edge?

Posted on 09-04-2017 11:02 PM
Not applicable
Reply posted on --/--/---- --:-- AM

please help me to find how to handle ltpa token .......and what parameter we should pass to handle ltpa token.......how to use ltpa token in apigee...

Solved Solved
0 3 625
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

I'm sorry, I'm still not clear on what you would like the message flows to be.

Can you describe it in a sequence diagram?

I think English may not be your first language. Unfortunately I am not able to understand clearly what you are explaining.

I think you are asking about a Websphere-generated LTPA token, as described here.

If you want Apigee Edge to pass-through an LTPA token... no problem.

If you want Apigee Edge to decrypt an LTPA token that has been issued by IBM WebSphere, then ... That will be a problem. The token is encrypted with 3DES and the key is known only to the Websphere server. You could

  • extract the key and store it in secure storage on Apigee Edge (Encrypted KVM)
  • Write a Java callout (relying on code like this) to decrypt the LTPA token in Apigee Edge
  • Optionally, verify the signature on the cookie. This would use a public/private key pair. I don't know the exact details.

This seems feasible, but I've never done it.

You could hire an Apigee Edge consultant to do the work for you.

View solution in original post

Jump to Solution
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
anilsr
Staff
Reply posted on --/--/---- --:-- AM

@MDAAMIR HASSAN , Welcome to Apigee Community ,

Can you explain more what is the context in Apigee related to LTPA token ? Do you want to generate same ? validate same ? Just want to pass through to target server ? What do you mean "handle" / "use" in above question ?

Jump to Solution

Posted on --/--/---- --:-- AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

I'm sorry, I'm still not clear on what you would like the message flows to be.

Can you describe it in a sequence diagram?

I think English may not be your first language. Unfortunately I am not able to understand clearly what you are explaining.

I think you are asking about a Websphere-generated LTPA token, as described here.

If you want Apigee Edge to pass-through an LTPA token... no problem.

If you want Apigee Edge to decrypt an LTPA token that has been issued by IBM WebSphere, then ... That will be a problem. The token is encrypted with 3DES and the key is known only to the Websphere server. You could

  • extract the key and store it in secure storage on Apigee Edge (Encrypted KVM)
  • Write a Java callout (relying on code like this) to decrypt the LTPA token in Apigee Edge
  • Optionally, verify the signature on the cookie. This would use a public/private key pair. I don't know the exact details.

This seems feasible, but I've never done it.

You could hire an Apigee Edge consultant to do the work for you.

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to DChiesa
Reply posted on --/--/---- --:-- AM

Yes I want Apigee Edge to pass through an LTPA token.....Can you please Explain how to do this?

Jump to Solution
0 Likes