LTPA Token (ltpa)
Lightweight Third Party Authentication (LTPA) token configuration.
| Name | Type | Default | Description |
|---|---|---|---|
authFilterRef |
A reference to top level authFilter element (string). |
Specifies the authentication filter reference. |
|
expiration |
A period of time with minute precision |
120m |
Amount of time after which a token expires in minutes. Specify a positive integer followed by a unit of time, which can be hours (h) or minutes (m). For example, specify 30 minutes as 30m. You can include multiple values in a single entry. For example, 1h30m is equivalent to 90 minutes. |
keysFileName |
Path to a file |
${server.output.dir}/resources/security/ltpa.keys |
The path to the file that contains the LTPA primary keys, which are used to create and validate LTPA tokens. |
keysPassword |
Reversably encoded password (string) |
{xor}CDo9Hgw= |
Password for the LTPA primary keys. The best practice is to encrypt the password by using the securityUtility tool. |
monitorInterval |
A period of time with millisecond precision |
0ms |
Rate at which the server checks for updates to the LTPA keys file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
authFilter
Specifies the authentication filter reference.
authFilter > cookie
A unique configuration ID.
| Name | Type | Default | Description |
|---|---|---|---|
id |
string |
A unique configuration ID. |
|
matchType |
|
contains |
Specifies the match type. |
name |
string |
Specifies the name. |
authFilter > host
A unique configuration ID.
| Name | Type | Default | Description |
|---|---|---|---|
id |
string |
A unique configuration ID. |
|
matchType |
|
contains |
Specifies the match type. |
name |
string |
Specifies the name. |
authFilter > remoteAddress
A unique configuration ID.
| Name | Type | Default | Description |
|---|---|---|---|
id |
string |
A unique configuration ID. |
|
ip |
string |
Specifies the remote host TCP/IP address. |
|
matchType |
|
contains |
Specifies the match type. |
authFilter > requestHeader
A unique configuration ID.
| Name | Type | Default | Description |
|---|---|---|---|
id |
string |
A unique configuration ID. |
|
matchType |
|
contains |
Specifies the match type. |
name |
string |
Specifies the name. |
|
value |
string |
The value attribute specifies the value of the request header. If the value is not specified, then the name attribute is used for matching, for example, requestHeader id="sample" name="email" matchType="contains". |
authFilter > requestUrl
A unique configuration ID.
| Name | Type | Default | Description |
|---|---|---|---|
id |
string |
A unique configuration ID. |
|
matchType |
|
contains |
Specifies the match type. |
urlPattern |
string |
Specifies the URL pattern. The * character is not supported to be used as a wildcard. |
authFilter > userAgent
A unique configuration ID.
| Name | Type | Default | Description |
|---|---|---|---|
agent |
string |
Specifies the browser's user agent to help identify which browser is being used. |
|
id |
string |
A unique configuration ID. |
|
matchType |
|
contains |
Specifies the match type. |
authFilter > webApp
A unique configuration ID.
| Name | Type | Default | Description |
|---|---|---|---|
id |
string |
A unique configuration ID. |
|
matchType |
|
contains |
Specifies the match type. |
name |
string |
Specifies the name. |
