LTPA Token (ltpa)
Lightweight Third Party Authentication (LTPA) token configuration.
Name | Type | Default | Description |
---|---|---|---|
authFilterRef | A reference to top level authFilter element (string). | | Specifies the authentication filter reference. |
expiration | A period of time with minute precision | 120m | Amount of time after which a token expires in seconds. The value can be specified in milliseconds, seconds, and minutes by using the following suffixes: "ms", "s", and "m". Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. |
keysFileName | Path to a file | ${server.output.dir}/resources/security/ltpa.keys | The path to the file that contains the LTPA primary keys, which are used to create and validate LTPA tokens. |
keysPassword | Reversibly encoded password (string) | {xor}CDo9Hgw= | Password for the LTPA primary keys. The best practice is to encrypt the password by using the securityUtility tool. |
monitorInterval | A period of time with millisecond precision | 0ms | Rate at which the server checks for updates to the LTPA keys file. This rate applies to both the primary keys and the validation keys. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
monitorValidationKeysDir | boolean | false | If set to "true", the directory that contains LTPA primary keys is monitored for any modifications on files with the .keys suffix. The default value is false. All validation files must use the same password as the LTPA primary keys password and must have the .keys suffix. |
updateTrigger | | polled | Specifies the update method or trigger that is used to update the LTPA keys. The following values are supported: "polled", "mbean" and "disabled". The default value is "polled". |
authFilter
Specifies the authentication filter reference.
authFilter > cookie
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | | A unique configuration ID. |
matchType | | contains | Specifies the match type. |
name | string | | Specifies the name. |
authFilter > host
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | | A unique configuration ID. |
matchType | | contains | Specifies the match type. |
name | string | | Specifies the name. |
authFilter > remoteAddress
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | | A unique configuration ID. |
ip | string | | Specifies the remote host TCP/IP address. |
matchType | | contains | Specifies the match type. |
authFilter > requestHeader
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | | A unique configuration ID. |
matchType | | contains | Specifies the match type. |
name | string | | Specifies the name. |
value | string | | The value attribute specifies the value of the request header. If the value is not specified, then the name attribute is used for matching, for example, requestHeader id="sample" name="email" matchType="contains". |
authFilter > requestUrl
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | | A unique configuration ID. |
matchType | | contains | Specifies the match type. |
urlPattern | string | | Specifies the URL pattern. The * character is not supported as a wildcard. |
authFilter > userAgent
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
agent | string | | Specifies the browser's user agent to help identify which browser is being used. |
id | string | | A unique configuration ID. |
matchType | | contains | Specifies the match type. |
authFilter > webApp
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | | A unique configuration ID. |
matchType | | contains | Specifies the match type. |
name | string | | Specifies the name. |
validationKeys
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
fileName | string | | The name of the file that contains the LTPA validation keys. The path must be the same as the LTPA primary keys file. |
id | string | | A unique configuration ID. |
password | Reversibly encoded password (string) | | The password for the LTPA validation keys. The best practice is to encrypt the password by using the securityUtility tool. |
validUntilDate | string | | A date and time value in ISO date format that the LTPA validation key is valid until. After the specified time, the validation keys are no longer used for LTPA token validation. The following example shows the ISO date format: "2023-11-18T18:08:35Z". If no value is specified, the LTPA validation keys can be used indefinitely. |
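
An added example (not part of the product documentation or code) that audits the ltpa and validationKeys attributes described above in a constructed server.xml. It assumes AES-encrypted values carry the `{aes}` prefix and treats the 120-minute default as a hypothetical policy ceiling; `audit_ltpa`, `minutes` and the finding codes are names invented here.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

DEFAULT_KEYS_PASSWORD = "{xor}CDo9Hgw="  # default listed in the ltpa table
# Constructed sample configuration (not from a real server); passwords are placeholders.
SAMPLE_SERVER_XML = """<server>
  <ltpa expiration="8h30m" keysPassword="{xor}CDo9Hgw=">
    <validationKeys fileName="old1.keys" password="{aes}PLACEHOLDER" validUntilDate="2023-11-18T18:08:35Z"/>
    <validationKeys fileName="old2.keys" password="{xor}PLACEHOLDER"/>
  </ltpa>
</server>"""

def minutes(duration):
    """Convert '1h30m', '120m' or a bare number of minutes to an int."""
    if duration.isdigit():
        return int(duration)
    parts = re.findall(r"(\d+)([hm])", duration)
    if not parts or "".join(n + u for n, u in parts) != duration:
        raise ValueError(f"unsupported duration: {duration!r}")
    return sum(int(n) * (60 if u == "h" else 1) for n, u in parts)

def audit_ltpa(server_xml, max_minutes=120, now=None):
    """Return (code, detail) findings for every <ltpa> element."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for ltpa in ET.fromstring(server_xml).iter("ltpa"):
        pw = ltpa.get("keysPassword", DEFAULT_KEYS_PASSWORD)
        if pw == DEFAULT_KEYS_PASSWORD:
            findings.append(("default-keys-password", "keysPassword"))
        elif not pw.startswith("{aes}"):  # assumed prefix of AES-encoded values
            findings.append(("password-not-encrypted", "keysPassword"))
        exp = minutes(ltpa.get("expiration", "120m"))
        if exp > max_minutes:  # max_minutes is an assumed local policy
            findings.append(("long-expiration", f"{exp}m"))
        for vk in ltpa.iter("validationKeys"):
            name = vk.get("fileName", "?")
            if not vk.get("password", "").startswith("{aes}"):
                findings.append(("password-not-encrypted", name))
            until = vk.get("validUntilDate")
            if until is None:  # usable indefinitely per the table
                findings.append(("validation-key-never-expires", name))
            elif datetime.fromisoformat(until.replace("Z", "+00:00")) <= now:
                findings.append(("validation-key-expired", name))
    return findings

if __name__ == "__main__":
    for code, detail in audit_ltpa(SAMPLE_SERVER_XML):
        print(f"{code}: {detail}")
```

The validUntilDate comparison expects a value with an explicit UTC designator, as in the example date in the table.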