Hello there!

Need Help? We are right here!

miniOrange Email Support

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

LTPA (Lightweight Third-Party Authentication)

miniOrange implements LTPA authentication protocol depending upon business scenarios.

LTPA Authentication Protocol

LTPA (Lightweight Third-Party Authentication) is an authentication technology used to facilitate Single-Sign-On between servers and applications without having the user to enter their credentials twice as long as the applications ans servers are in the same realm. Authentication is managed by generating a single user token at the time of initial login which is set as HTTP Cookie or passed back as response to an API call. The same token can then be used by the user to log into other servers / applications.

The LTPA session token is a token generated by Base64 encoding a string containing encrypted user information. This LTPA token can be decoded to get user information and create appropriate session at the Server / Application.

LTPA Token

  • The LTPA Token includes expiry, the user name and a digital signature. It can also include extra attributes in a key value pair format.
  • The digital signature is generated with a SHA-1 hash algorithm and RSA 1024-bit key encryption.
  • This token is then encrypted with a 3DES algorithm and a shared LTPA key.
  • The final step is to Base64 encode the token.

LTPA Token Versions and Format

  • LTPA 1: LTPA 1 signatures are generated with SHA-1 as the hash algorithm, and RSA (1024-bit key) as the encryption algorithm. After the digital signature is attached, the user data and signature are encrypted with a 3DES shared LTPA key.
  • LTPA 2: LTPA 2 tokens have the same format as LTPA 1 tokens. However, these tokens can contain additional information about the user. LTPA 2 also uses SHA-1 as Hash algorithm and RSA (1024 bit-key) as encryption method for digital signature but can use 3DES or AES shared LTPA key.

LTPA Authentication Flow

LTPA Single-Sign-On (SSO) Authentication Flows

  • The user lands on the Client. Client makes a request to the Server.
  • The server asks the user to log in and user enters the credentials.
  • On successful authentication the server responds with the LTPA Token. This can either be sent as an API response or sent to the User Agent as a Set-Cookie response header.
  • The client makes future request with the LTPA Token and the server responds if the token is still valid.
  • The token stays valid only for a short while to prevent session hijacking.


LTPA Single-Sign-On (SSO) Flows

  • LTPA works well with one cell (LTPA Keys are at the same place) but can also work well in an multi cell environment. But in a multi cell environment a key exchange needs to take place between servers so that all servers are able to verify the LTPA Token.
  • User first logs in to the first application and gets the LTPA Token.
  • The request is sent to access the second application along with the LTPA Token.
  • The second server contacts the first server to get LTPA Keys. With the keys the second server decodes and verifies the LTPA Token.

Why Our Customers choose miniOrange Secure Identity Solutions ?

24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Try Now

Affordable Pricing

miniorange provides most affordable Secure Identity Solutions for all type of use cases and offers different packages based on customer's requirement.

Request A Quote

We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -

   +1 978 658 9387 (US)   ,   +91 97178 45846 (India)    |       info@xecurify.com