Exporting LTPA keys
To support single sign-on (SSO) in WebSphere Application Server (WAS) across multiple WAS domains or cells, share the LTPA keys and the password among the domains. Verify that the system time in the domains is similar so that tokens are not mistakenly interpreted as expired between the cells.
Overview
Complete the following steps in the console to export key files for LTPA so that they can be shared across domains:
Procedure
- Type http://server:port_number/ibm/console in a Web browser to access the console.
- Click Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.
- In the Password and Confirm password fields, enter the password that is used to encrypt the LTPA keys. Remember the password so that you can use it later when the keys are imported into the other cell.
- In the Fully qualified key file name field, specify the fully qualified path to the location where you want the exported LTPA keys to reside. You must have write permission to this file.
- Click Export keys to export the keys to the location that you specified in the Fully qualified key file name field.
- Specify the Internal server ID that is used for interprocess communication between servers. The server ID is protected with an LTPA token when sent remotely. You can edit the internal server ID to make it identical to server IDs across multiple application server administrative domains (cells). By default this ID is the cell name.
- Click OK and Save.
Results
You can share LTPA keys and passwords among domains on WebSphere Application Server.
What to do next
After exporting the keys from one cell, import those keys into the other cell. For more information, see Importing LTPA keys.
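The exported file holds the shared key material, so check it before copying it to the other cell. The following is an added example, not IBM code: it flags a key file that group or other users can access, confirms the expected properties are present, and prints a short fingerprint that lets you confirm both cells hold the same keys without displaying them. The property names, the file name ltpa.keys, and POSIX file permissions are assumptions; the sample content is constructed.

```python
import hashlib, os, stat, tempfile

# Property names as seen in exported key files (assumption; not listed on this page).
KEY_PROPS = ("com.ibm.websphere.ltpa.3DESKey",
             "com.ibm.websphere.ltpa.PrivateKey",
             "com.ibm.websphere.ltpa.PublicKey")
REQUIRED = KEY_PROPS + ("com.ibm.websphere.ltpa.Realm",)

# Constructed sample content; the values are placeholders, not real keys.
SAMPLE = """#Constructed sample
com.ibm.websphere.ltpa.3DESKey=Q09OU1RSVUNURUQ\\=
com.ibm.websphere.ltpa.PrivateKey=UFJJVkFURQ\\=\\=
com.ibm.websphere.ltpa.PublicKey=UFVCTElD
com.ibm.websphere.ltpa.Realm=exampleRealm
"""

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, #/! comments, escaped = and :."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props

def audit_key_file(path):
    """Return (findings, fingerprint) for one exported key file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:o}: group/other can access the key file")
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings += [f"missing property {n}" for n in REQUIRED if not props.get(n)]
    # Hash the key material so two cells can be compared without printing keys.
    material = "\n".join(props.get(n, "") for n in KEY_PROPS)
    return findings, hashlib.sha256(material.encode("utf-8")).hexdigest()[:16]

def demo(mode=0o644):
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ltpa.keys")  # hypothetical file name
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit_key_file(path)

if __name__ == "__main__":
    print(demo(0o644), demo(0o600))  # first result is flagged, second is clean
```

Run audit_key_file against the exported file on the source cell and against the copy on the target cell; matching fingerprints show the file arrived unchanged.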
LTPA key sets and key set groups
Related tasks
Generating LTPA keys
Importing LTPA keys
Disabling automatic generation of LTPA keys
Activating LTPA key versions