SamWalker

Secure Token Service

Discussion created by SamWalker on Sep 12, 2017

Hello, I am a newbie to API Gateway capabilities. Appreciate any insights they can offer with my requirement.


We have 2 IBM systems, which are connected to 2 backend user repositories generating their own individual LTPA Tokens. One IBM system can not understand other system's LTPA Token.

Can API Gateway's token translation service act as a broker and facilitate seemlees communication between 2 systems?

Technical flow would be:

A user logs into IBM System that is connected to Sun Directory -> LTPA 1 is generated
User goes to other IBM System -> LTPA can not be understood, so the second IBM System redirects the user to API Gateway STS along with LTPA 1
API Gateway should be able to read LTPA1 (assuming it has all the keys needed) , API Gateway creates LTPA2
APIGateway forwards the user to second IBM System along with LTPA 2 token.

Is it even possible? or am I getting the idea of STS completely wrong?

Also Another use case would be creating a LTPA token from SMSESSION token? Is it possible?

Outcomes