How to retrieve LTPA token from within the portlet?


LTPA token (Light weight Third Party Authentication)

In WebSphere world LTPA token is used to give authenticated users access to all the servers in the same domain automatically. A cookie is sent to client (browser) upon authentication, which contain LTPA token all others servers extract it from cookie and use it for authentication cookie is valid for one browsing session. LTPA token is nothing more than a encrypted format of the authenticated user details.

Enabling LTPA token

LTPA authentication can configured from WebSphere admin console. IBM has clearly defined steps to enable LTPA token here (Enabling LTPA token).

Reading LTPA token from portlet

The portlet API provides a method getCookies() to retrieve the cookies in the portlet. The following custom code snippet is useful for getting LTPA token in portlet.

private String getLtpaToken(PortletRequest request){

Cookie cookie = request.getCookie();
for(Cookie element : cookie){
         System.out.println(“Cookie Name->” + element.getName());
         if( element.getName().contains(“LtpaToken”)) {
            return element.getValue();
         } }
    return “Token Not Found”;

If you want to retrieve LTPA token using the WebSphere security API please check here (How to read the LTPA Token using API).

The reason we are checking for the cookie name containing “LtpaToken” rather than exact name is because it may varied across different versions. For WebSphere portal it could be “LtpaToken2”.


1. Enabling LTPA token
2. Working with Lightweight Third Party Authentication (LTPA)
3. How to read the LTPA Token using API

No comments:

Post a Comment

Recent Posts

Popular Posts

© 2011-2019 Web Portal Club