Creating and updating an LTPA profile by using REST Administration APIs

System administrators can copy an LTPA key to Eclipse Amlen for use in an LTPA profile by using the Eclipse Amlen REST API PUT method. They can then create an LTPA profile by using the Eclipse Amlen REST API POST method. The same POST method is used to update existing LTPA profiles.

Before you can configure an LTPA profile, you must have an LTPA key. You can export an LTPA key from servers such as WebSphere® Application Server. For more information about LTPA, see Lightweight Third Party Authentication (LTPA).

You can create or update an LTPA profile by using REST Administration APIs, or by using the Amlen WebUI. For more information about using the Amlen WebUI to create an LTPA profile, see Configuring LTPA profiles by using the Amlen WebUI.

  1. To create an LTPA profile, first copy the LTPA key file into Eclipse Amlen by using the Eclipse Amlen REST API PUT method with the following Eclipse Amlen file URI:

    http://<admin-endpoint-IP:Port>/ima/v1/file/<filename>

    The key file is copied to /var/lib/amlen-server/userfiles.

  2. To create or update an LTPA profile, use the Eclipse Amlen REST API POST method with the following Eclipse Amlen configuration URI:

    http://<admin-endpoint-IP:Port>/ima/v1/configuration/

  3. Provide LTPAProfile object configuration data in the payload of the POST method by using the following schema. Content-type is set to application/json. Ensure that capitalization and double quotation marks are used as shown.
    
    {
      "LTPAProfile": {
        "<NameOfLTPAProfile>": {
          "KeyFileName": "string",
          "Password": "string",
          "Overwrite": true|false
        }
      }
    }

    Where:

    NameOfLTPAProfile
    Required. Specifies a name for the LTPA profile. The name can be a maximum of 256 alphanumeric characters. The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs. The first character must not be a number. After the profile is created, this name cannot be changed.

    KeyFileName
    Required if you are creating an LTPA profile. Specifies the name of the key file to use with this LTPA profile. The key file must exist on Eclipse Amlen. The name can be a maximum of 255 alphanumeric characters. The first character must not be a number.

    Password
    Required if you are creating an LTPA profile. Specifies the LTPA password that is associated with the key file used in the LTPA profile. The value of this parameter is not returned on the REST API GET method.

    Overwrite: true|false
    Specifies whether an existing key is overwritten if it has the same name. The default value is false, which means that an existing key is not overwritten if it has the same name.

    You can check that the configuration of your LTPA profile is as expected by using the Eclipse Amlen REST Administration API GET method. For more information about the GET method, see Viewing configuration details of objects that can be named by using REST Administration APIs.
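
The naming rules in step 3 can be checked locally before the POST is sent. The following is an added example, not part of the Eclipse Amlen documentation or code: `check_profile_name` and `ltpa_profile_request` are hypothetical helper names, "control character" is taken to mean Unicode category Cc, "number" is taken to mean a digit, and the base URL and password are constructed sample values.

```python
import json
import unicodedata
import urllib.request

FORBIDDEN = set(',"\\=')  # comma, double quotation mark, backslash, equal sign


def check_profile_name(name):
    """Added helper (not an Amlen API): list the naming rules that `name` breaks."""
    if not name:
        return ["name is required"]
    problems = []
    if len(name) > 256:
        problems.append("longer than 256 characters")
    if name != name.strip(" "):
        problems.append("leading or trailing space")
    if name[0].isdigit():
        problems.append("first character is a number")
    if any(unicodedata.category(c) == "Cc" for c in name):
        problems.append("contains a control character")
    bad = sorted(FORBIDDEN.intersection(name))
    if bad:
        problems.append("contains forbidden character(s): " + " ".join(bad))
    return problems


def ltpa_profile_request(base_url, name, key_file, password, overwrite=False):
    """Added helper: build, without sending, the POST that creates an LTPA profile."""
    problems = check_profile_name(name)
    if not key_file or len(key_file) > 255 or key_file[0].isdigit():
        problems.append("KeyFileName must be 1-255 characters, not starting with a number")
    if not password:
        problems.append("Password is required when creating a profile")
    if problems:
        raise ValueError("; ".join(problems))
    body = {"LTPAProfile": {name: {
        "KeyFileName": key_file, "Password": password, "Overwrite": bool(overwrite)}}}
    return urllib.request.Request(
        base_url.rstrip("/") + "/ima/v1/configuration/", method="POST",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"})


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    for candidate in ("MyLTPAProfile", "9profile", " a=b,"):
        print(repr(candidate), check_profile_name(candidate) or "ok")
    req = ltpa_profile_request("http://127.0.0.1:9089", "MyLTPAProfile", "ltpa.key", "sample-pw")
    print(req.get_method(), req.full_url, req.data.decode())
```

The returned request can be passed to `urllib.request.urlopen` against a reachable admin endpoint.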

The following example shows the PUT method to copy a key certificateKey.pem to /var/lib/amlen-server/userfiles in Eclipse Amlen by using cURL:

    curl -X PUT -T certificate.pem http://10.10.2.149:9089/ima/v1/file/ltpa.key

The following example shows a POST method to create an LTPA profile named MyLTPAProfile by using cURL:

    curl -X POST \
      -H 'Content-Type: application/json' \
      -d '{
            "LTPAProfile": {
              "MyLTPAProfile": {
                "KeyFileName": "ltpa.key",
                "Password": "ltpakeypassword"
              }
            }
          }' \
      http://127.0.0.1:9089/ima/v1/configuration/

The following shows an example response to the POST method:

    {
      "Version": "v1",
      "Code": "CWLNA6011",
      "Message": "The requested configuration change has completed successfully."
    }

After you create the LTPA profile, you must create or edit a security profile to use the LTPA profile. For more information about configuring a security profile, see Configuring security profiles.