Lightweight Third Party Authentication settings
Use this page to configure Lightweight Third Party Authentication (LTPA) settings.
To view this administrative console page...Security | Global security | Authentication mechanisms | LTPA
If you are configuring security for the first time, only the password is required. After the password is entered, click Apply. Under Additional Properties, click Single signon (SSO) and enter the domain name. Make sure that SSO is enabled. Click Apply.
To complete the security setup, make sure that the appropriate registry is set up and click Apply from the Global security panel. When security is enabled and any of these properties change, go to the Global security panel under Security > Global security and click Apply to validate the changes.
- Generate Keys
Specifies whether the server generates new Lightweight Third Party Authentication (LTPA) keys.
When security is turned on for the first time with LTPA as the authentication mechanism, the LTPA keys are automatically generated with the password entered in the panel. If you need a new set of keys to generate using the previously set password, click Generate Keys. If a new password is used, do not click this option. After the new password is entered and OK or Apply is clicked, a new set of keys is generated. A new set of generated keys is not used until you save them.
- Import Keys
Specifies whether the server imports new LTPA keys.
To support single signon (SSO) in the WebSphere product across multiple WebSphere domains (cells), share the LTPA keys and the password among the domains. Use the Import Keys option to import the LTPA keys from other domains. The LTPA keys are exported from one of the cells to a file. To import a new set of LTPA keys, enter the appropriate password, click OK and click Save. Then, enter the directory location where the LTPA keys are located prior to clicking Import keys. Do not click OK or Apply, but save the settings.
- Export Keys
Specifies whether the server exports LTPA keys.
To support single signon (SSO) in the WebSphere product across multiple WAS domains (cells), share the LTPA keys and the password among the domains. Use the Export Keys option to export the LTPA keys to other domains.
To export the LTPA keys, make sure that the system is running with security enabled and is using LTPA. Enter the file name in the Key file name field and click Export Keys. The encrypted keys are stored in the specified file.
Specifies the password to encrypt and decrypt the LTPA keys. Use this password when importing these keys into other WAS administrative domain configurations (if any) and when configuring SSO for a Lotus Domino server.
After the keys are generated or imported, they are used to encrypt and decrypt the LTPA token. Whenever the password is changed, a new set of LTPA keys are automatically generated when you click OK or Apply. The new set of keys is used after the configuration changes are saved.
Data type String
- Confirm password
Specifies the confirmed password used to encrypt and decrypt the LTPA keys.
Use this password when importing these keys into other WAS administrative domain configurations (if any) and when configuring SSO for a Lotus Domino server.
Data type String
Specifies the time period in minutes at which an LTPA token expires. Verify that this time period is longer than the cache timeout configured in the Global security panel.
Data type Integer Units Minutes Default 120
- Key file name
Name of the file used when importing or exporting keys.
Enter a fully qualified key file name, and click Import Keys or Export Keys.
Data type String
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.