Configure Lightweight Third Party Authentication
Procedure
- From the admin console, click Security | Global security | Authentication mechanisms | LTPA.
- Enter the password and confirm it in the password fields.
This password is used to encrypt and decrypt the LTPA keys during export and import of the keys. Remember this password because you enter it again when the keys from this cell are exported to another cell.
- Enter a positive integer value in the Timeout field.
This timeout value refers to how long an LTPA token is valid in minutes. The token contains this expiration time so that any server that receives the token can verify that the token is valid before proceeding further.
When the token expires, the user is prompted to log in.
An optimal value for this field depends on your configuration. The default value is 30 minutes.
- Optional. In the Key file name field, specify the name of the file that is used when you import or export keys. You can use this field in conjunction with the Import keys and Export keys buttons at the top of the panel.
- Click Apply or OK.
The LTPA configuration is now set. Do not generate the LTPA keys in this step because they are automatically generated later. Proceed with the rest of the steps required to enable security, starting with single signon (SSO) (if SSO is required).
- Complete the information in the Global Security panel and click OK. The LTPA keys are generated automatically the first time. Do not generate the keys manually.
Result
The previous steps configure LTPA by setting passwords that generate LTPA keys.
What to do next
After configuring LTPA, complete the following steps to work with your key files:
- Generate key files.
- Export key files.
- Import key files.
- If you are enabling security, make sure that you complete the remaining steps starting with enabling SSO.
- If you generated a new set of keys or imported a new set of keys, verify that the keys are saved by clicking Save at the top of the panel.
Because LTPA authentication uses time-sensitive tokens, verify that the time, date, and time zone are synchronized among all product servers that are participating in the protection domain. If the clock skew is too high between servers, the LTPA token appears prematurely expired and causes authentication or validation failures.
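The clock-skew failure described above, as an added example that is not IBM's code: a simplified model in which a token carries only an absolute expiration time stamped by the issuing server, checked pairwise across servers. The server names, clock offsets and the 60-second tolerance are constructed assumptions; the model does not parse real LTPA tokens.

```python
from datetime import datetime, timedelta, timezone
from itertools import permutations

def issue_token(issuer_now, timeout_min):
    """Issuer stamps an absolute expiration time using its own clock."""
    return {"expires": issuer_now + timedelta(minutes=timeout_min)}

def accepts(token, validator_now):
    """Validator compares the embedded expiration with its own clock."""
    return validator_now < token["expires"]

def audit_skew(offsets_s, timeout_min=30, tolerance_s=60):
    """offsets_s maps server name -> clock offset in seconds from a reference.
    Returns (issuer, validator, remaining_s, status) for every pair whose
    effective token lifetime deviates from the configured timeout."""
    reference = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed
    clock = {n: reference + timedelta(seconds=o) for n, o in offsets_s.items()}
    findings = []
    for issuer, validator in permutations(clock, 2):
        token = issue_token(clock[issuer], timeout_min)
        remaining = (token["expires"] - clock[validator]).total_seconds()
        drift = remaining - timeout_min * 60
        if not accepts(token, clock[validator]):
            status = "rejected on arrival"   # looks expired before first use
        elif drift < -tolerance_s:
            status = "expires early"         # user is prompted to log in too soon
        elif drift > tolerance_s:
            status = "outlives timeout"      # valid longer than configured
        else:
            continue
        findings.append((issuer, validator, int(remaining), status))
    return findings

# Constructed sample: nodeC is one hour ahead (for example, a wrong time zone).
SAMPLE_OFFSETS = {"nodeA": 0, "nodeB": 45, "nodeC": 3600}

if __name__ == "__main__":
    for issuer, validator, remaining, status in audit_skew(SAMPLE_OFFSETS):
        print(f"{issuer} -> {validator}: {remaining:>6}s remaining, {status}")
```

A server whose clock runs ahead rejects tokens from its peers, while tokens it issues stay valid on those peers for longer than the configured timeout.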
See also
Configuring Lightweight Third Party Authentication keys
Lightweight Third Party Authentication settings
See Also
User registries
Single signon
Trust associations
Related Tasks
Configuring global security