Configure LTPA

 

Complete the following steps to configure Lightweight Third Party Authentication (LTPA) when setting up security for the first time:

  1. Access the administrative console and then go to:

    Security | Authentication mechanisms | LTPA

  2. Enter the password and confirm it in the password fields. This password is used to encrypt and decrypt the LTPA keys during export and import of the keys. Remember this password because you enter it again when the keys from this cell are exported to another cell.

  3. Enter a positive integer value in the Timeout field. This value specifies how long, in minutes, an LTPA token is valid. The token contains this expiration time so that any server that receives the token can verify that the token is valid before proceeding further. When the token expires, the user is prompted to log in. An optimal value for this field depends on your configuration. The default value is 30 minutes.

  4. Click Apply or OK. The LTPA configuration is now set. Do not generate the LTPA keys in this step because they are automatically generated later. Proceed with the rest of the steps required to enable security, starting with Single Signon (SSO) (if SSO is required).

  5. Complete the information in the Global Security panel and click OK. The LTPA keys are generated automatically the first time. Do not generate the keys manually.

The previous steps configure LTPA by setting passwords that generate LTPA keys.

After configuring LTPA, complete the following steps to work with your key files:

  1. Generate key files.

  2. Export key files.

  3. Import key files.

  4. If you are enabling security, make sure that you complete the remaining steps starting with enabling single signon.

  5. If you generated a new set of keys or imported a new set of keys, verify that the keys are saved by clicking Save at the top of the panel. Because LTPA authentication uses time-sensitive tokens, verify that the time, date, and time zone are synchronized among all product servers that are participating in the protection domain. If the clock skew between servers is too high, the LTPA token appears prematurely expired and causes authentication or validation failures.
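The interaction between the Timeout value and clock skew can be checked with a small audit like the following. This is an added example, not code from the product or its documentation; the server names, the clock offsets (assumed to come from your own time-sync monitoring) and the 60-second tolerance are constructed assumptions.

```python
"""Clock-skew audit for a set of servers sharing LTPA tokens (added example)."""
from itertools import permutations

TIMEOUT_MINUTES = 30  # default LTPA timeout stated on this page

# Constructed sample data: each server's clock offset from a common reference,
# in seconds (positive = clock runs ahead). Server names are hypothetical.
CLOCK_OFFSETS = {"server1": 0, "server2": 45, "server3": -20, "server4": 600}


def effective_lifetime(issuer_offset, validator_offset, timeout_minutes):
    """Real seconds for which the validator accepts a token from the issuer.

    The issuer writes expiry = its own clock + timeout into the token; the
    validator compares that value with its own clock. A validator running
    ahead of the issuer therefore expires the token early, and one running
    behind keeps accepting it after the intended timeout.
    """
    skew = validator_offset - issuer_offset
    return max(0, timeout_minutes * 60 - skew)


def audit(offsets, timeout_minutes, tolerance_seconds=60):
    """Return (issuer, validator, lifetime, verdict) for every ordered pair
    whose effective lifetime differs from the timeout by more than the
    tolerance. tolerance_seconds is an assumed threshold, not a product value.
    """
    intended = timeout_minutes * 60
    findings = []
    for issuer, validator in permutations(sorted(offsets), 2):
        life = effective_lifetime(offsets[issuer], offsets[validator],
                                  timeout_minutes)
        if life < intended - tolerance_seconds:
            findings.append((issuer, validator, life, "expires early"))
        elif life > intended + tolerance_seconds:
            findings.append((issuer, validator, life, "accepted late"))
    return findings


if __name__ == "__main__":
    for issuer, validator, life, verdict in audit(CLOCK_OFFSETS, TIMEOUT_MINUTES):
        print(f"{issuer} -> {validator}: valid {life // 60}m{life % 60:02d}s ({verdict})")
```

In the sample data, server2 and server3 are each within 60 seconds of the reference clock, yet the pair is flagged because their offsets add up to 65 seconds. Skew also cuts both ways: a validator whose clock runs behind the issuer keeps accepting a token past the configured timeout.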

 

See Also

User registries
Single Signon
Trust Associations
Configuring global security
Lightweight Third Party Authentication settings