Default authentication token
Do not use the default authentication token in service provider code. This default token is used by the WebSphere® Application Server run-time code only and is authentication mechanism specific.
Any modifications to this token by service provider code can potentially cause interoperability problems. If you need to create an authentication token for custom usage, see Implementing a custom authentication token for security attribute propagation for more information.
Changing the token factory that is associated with the default authentication token
- Click .
- Under Additional properties, click Custom properties.
The com.ibm.ws.security.ltpa.LTPATokenFactory token factory is the default for this property. The LTPATokenFactory token factory uses the DESede/ECB/PKCS5Padding cipher. This token factory creates an interoperable Lightweight Third Party Authentication (LTPA) token.
If you associate the com.ibm.ws.security.ltpa.LTPAToken2Factory token factory with the com.ibm.wsspi.security.token.authenticationTokenFactory property, the token is Advanced Encryption Standard (AES) encrypted. However, you need to weigh the performance against your security needs. During a login, you might add additional attributes to the authentication token in the Subject; these attributes are then available downstream.
- com.ibm.wsspi.security.ltpa.Token
- com.ibm.wsspi.security.ltpa.TokenFactory
- Click .
- Under Additional properties, click Custom properties.
- Locate the com.ibm.wsspi.security.token.authenticationTokenFactory property and verify that the value of this property matches your custom token factory implementation.
- Verify that your implementation classes are put into the install_dir/classes directory so that the WebSphere Application Server class loader can load the classes.
- Verify that the QEJBSVR user profile has read, write, and execute (*RWX) authority to the classes directory. You can use the Work with Authority (WRKAUT) command to view the authority permissions for that directory.
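The following added example, which is not IBM or WebSphere code, shows what the DESede/ECB/PKCS5Padding transformation named above does to repeated token content, next to an AES encryption of the same bytes. The class name, the sample plaintext, the generated keys, and the choice of AES in CBC mode with a random IV are assumptions made for the comparison; this page states only that the LTPAToken2Factory token is AES encrypted.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class TokenCipherModes {
    // Counts ciphertext blocks that are byte-identical to an earlier block.
    static int repeatedBlocks(byte[] ct, int bs) {
        int repeats = 0;
        for (int i = bs; i + bs <= ct.length; i += bs) {
            byte[] cur = Arrays.copyOfRange(ct, i, i + bs);
            for (int j = 0; j < i; j += bs) {
                if (Arrays.equals(cur, Arrays.copyOfRange(ct, j, j + bs))) {
                    repeats++;
                    break;
                }
            }
        }
        return repeats;
    }

    // AES/CBC with a fresh random IV per call (assumed mode, see lead-in).
    static byte[] aesCbc(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plain);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, not a real LTPA token body: one 16-byte field repeated.
        byte[] plain = "group:AppAdmins|group:AppAdmins|group:AppAdmins|group:AppAdmins|"
                .getBytes(StandardCharsets.US_ASCII);
        // ECB encrypts each 8-byte block independently, so equal blocks stay equal.
        Cipher ecb = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, KeyGenerator.getInstance("DESede").generateKey());
        byte[] e1 = ecb.doFinal(plain), e2 = ecb.doFinal(plain);
        KeyGenerator aesGen = KeyGenerator.getInstance("AES");
        aesGen.init(128);
        SecretKey aesKey = aesGen.generateKey();
        byte[] a1 = aesCbc(aesKey, plain), a2 = aesCbc(aesKey, plain);
        System.out.printf("DESede/ECB: repeated blocks=%d, identical on re-encrypt=%b%n",
                repeatedBlocks(e1, 8), Arrays.equals(e1, e2));
        System.out.printf("AES/CBC:    repeated blocks=%d, identical on re-encrypt=%b%n",
                repeatedBlocks(a1, 16), Arrays.equals(a1, a2));
    }
}
```

Repeated ciphertext blocks and identical output for identical input are the structural leaks to weigh against the performance cost when deciding between the two token factories.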