A frequently asked question is how to see whether the browser has received the
LTPA token, especially when debugging single sign-on problems. If the browser supports
JavaScript, the most straightforward way is to type javascript:alert(document.cookie) in
the browser's location or URL field, as shown in Figure 4-7. Here you can see the LTPA token
and JSESSIONID.
Figure 4-7 LTPA token shown by "javascript:alert(document.cookie)"
4.3.4 Anatomy of configuration files
Here we discuss the anatomy of the configuration files.
Configuration files for WebSphere Application Server global security
In the context of this chapter, <portal_root> represents the directory root where WebSphere
Portal is installed. For example:
Windows: C:\IBM\WebSphere\PortalServer
UNIX/Linux: /opt/IBM/WebSphere/PortalServer
and <wsas_profile_root> is the root directory of the WebSphere Application Server profile.
Depending on whether the system is standalone or in a cluster, this means two different
directories. For example:
Windows: C:\IBM\WebSphere\AppServer\profiles\wp_profile
UNIX/Linux: /opt/IBM/WebSphere/AppServer/profiles/wp_profile
security.xml
This is the configuration file for the WebSphere Application Server global security. Whenever
a security problem is encountered, this is the first file to be examined. There is only one copy
of this file for a cell. Its location is at <wsas_profile_root>/config/cells/<cellname>. Do not put
another copy in any of the subdirectories.
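The checks described here, as an added example that is not part of the original guide or of IBM's tooling: it looks for extra copies of security.xml below the cell directory and reports the top-level settings that the guide's Example 4-3 shows. The sample file is constructed; its namespace URIs, the nodes/node1 subdirectory and all function names are assumptions.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample modelled on Example 4-3. Namespace URIs are placeholders
# (the page elides them) and the password attribute is left out.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<security:Security xmlns:xmi="urn:placeholder:xmi" xmlns:security="urn:placeholder:sec"
  xmi:version="2.0" enabled="true" cacheTimeout="600"
  activeAuthMechanism="LTPA_1" activeUserRegistry="CustomUserRegistry_1">
  <authMechanisms xmi:type="security:LTPA" xmi:id="LTPA_1" timeout="480">
    <trustAssociation xmi:id="TrustAssociation_1" enabled="false">
      <interceptors interceptorClassName="com.ibm.ws.security.web.WebSealTrustAssociationInterceptor"/>
    </trustAssociation>
  </authMechanisms>
</security:Security>"""

def xmi_id(elem):
    """Return the xmi:id attribute whatever namespace URI the file binds to xmi."""
    return next((v for k, v in elem.attrib.items() if k.endswith("}id")), None)

def find_stray_copies(cell_dir):
    """Return security.xml files found in subdirectories of the cell directory."""
    cell = Path(cell_dir)
    return sorted(p for p in cell.rglob("security.xml") if p.parent != cell)

def summarize(path):
    """Report the settings to check first; the password attribute is never read."""
    top = ET.parse(path).getroot()
    out = {k: top.get(k) for k in ("enabled", "cacheTimeout", "activeAuthMechanism", "activeUserRegistry")}
    for mech in top.findall("authMechanisms"):
        if xmi_id(mech) == out["activeAuthMechanism"]:  # only the active mechanism
            out["timeout"] = mech.get("timeout")
            tai = mech.find("trustAssociation")
            if tai is not None:
                out["taiEnabled"] = tai.get("enabled")
                out["interceptors"] = [i.get("interceptorClassName") for i in tai.findall("interceptors")]
    return out

def demo():
    """Audit a throwaway cell directory that contains one stray copy."""
    with tempfile.TemporaryDirectory() as cell:
        for d in (Path(cell), Path(cell, "nodes", "node1")):  # hypothetical node directory
            d.mkdir(parents=True, exist_ok=True)
            (d / "security.xml").write_text(SAMPLE, encoding="utf-8")
        stray = [p.relative_to(cell).as_posix() for p in find_stray_copies(cell)]
        return stray, summarize(Path(cell, "security.xml"))

if __name__ == "__main__":
    print(demo())
```

To use it on a real system, pass <wsas_profile_root>/config/cells/<cellname> to find_stray_copies and the security.xml in that directory to summarize.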
A "skeleton" of the file is shown in Example 4-3. We have omitted some of the content in the
file to emphasize the information relevant to our purposes.
Example 4-3 Sample security.xml: the first segment
<?xml version="1.0" encoding="UTF-8"?>
<security:Security xmi:version="2.0" ... enabled="true" cacheTimeout="600" ...
activeAuthMechanism="LTPA_1" activeUserRegistry="CustomUserRegistry_1"
defaultSSLSettings="SSLConfig_1">
...
<authMechanisms xmi:type="security:LTPA" xmi:id="LTPA_1" OID="oid:1.3.18.0.2.30.2"
authContextImplClass="com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl"
authConfig="system.LTPA" simpleAuthConfig="system.LTPA" authValidationConfig="system.LTPA"
timeout="480" password="{xor}KzYyOms5KjE=">
<trustAssociation xmi:id="TrustAssociation_1" enabled="false">
<interceptors xmi:id="TAInterceptor_1"
interceptorClassName="com.ibm.ws.security.web.WebSealTrustAssociationInterceptor"/>
IBM WebSphere Portal V6 Self Help Guide