WASLTPAModule login module
The WASLTPAModule login module enables integration with WebSphere® Application Server LTPA mechanisms.
Note: This login module is only supported on WebSphere Application Server.
To avoid unnecessary errors when IBM MobileFirst™ Platform Foundation is
run on other application servers, the login module is commented out
in the default authenticationConfig.xml file
that is created with an empty MobileFirst project.
To use it, remove the comments first.
Class Name
com.worklight.core.auth.ext.WebSphereLoginModule
Parameters
The login module class has the following parameters:
Parameter | Description |
---|---|
cookie-domain | Optional. A String such as example.com, which specifies the domain in which the LTPA SSO cookie applies. If this parameter is not set, no domain attribute is set on the cookie. The single sign-on is then restricted to the application server host name and does not work with other hosts in the same domain. |
httponly-cookie | Optional. A String with a value of either true or false, which specifies whether the cookie has the HttpOnly attribute set. This attribute helps to prevent cross-site scripting attacks. |
cookie-name | Optional. A String that specifies the name of the LTPA SSO cookie. If this parameter is not set, the default cookie name is LtpaToken. |
role | Optional. A String that specifies the Java™ EE role that the authenticated user must belong to for the login to be successful. If the parameter is not specified, no role checking is performed. |
Note: When you specify a role parameter, the role must be
defined in the MobileFirst web
application deployment descriptor (web.xml).
A set of users or groups must be mapped to that role by using the
usual WebSphere Application Server mechanisms.
<loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
<parameter name="role" value="wluser"/>
<parameter name="cookie-domain" value="example.com"/>
<parameter name="httponly-cookie" value="true"/>
<parameter name="cookie-name" value="LtpaToken2"/>
</loginModule>