
Generate keys manually or automatically, and control the number of active keys.

Configure LTPA and generate the first LTPA keys.


WebSphere Application Server generates LTPA keys automatically during the first server startup. We can generate additional keys as we need them in the Authentication mechanisms and expiration panel.
We can disable the automatic generation of new LTPA keys for key sets that are members of a key set group. Automatic generation creates new keys on a schedule specified when you configure a key set group, which manages one or more key sets. WAS uses key set groups to automatically generate cryptographic keys or multiple synchronized key sets.

After you generate keys manually, or enable or disable the automatic generation of keys, you must recycle the node agents and application servers so that they accept the new keys. If any of the node agents are down, run a manual file synchronization utility from the node agent machine to synchronize the security configuration from the deployment manager.

  • Key sets manage LTPA keys in a key store based on a key alias prefix. A key alias prefix is automatically generated when you generate a new key and store it in a key store. Key stores can contain multiple versions of keys for any given key alias prefix. We can specify a maximum number of active keys in the key set configuration.

    Read the Generating Lightweight Third Party Authentication keys article for more information.


    What to do next

    Import and export keys.


    Subtopics

    • Generating Lightweight Third Party Authentication keys
      WebSphere Application Server generates LTPA keys automatically during the first server startup. We can generate additional keys as we need them in the Authentication mechanisms and expiration panel.

    • Disable automatic generation of Lightweight Third Party Authentication keys
      We can disable the automatic generation of new LTPA keys for key sets that are members of a key set group. Automatic generation creates new keys on a schedule specified when you configure a key set group, which manages one or more key sets. WAS uses key set groups to automatically generate cryptographic keys or multiple synchronized key sets.

    • Work with nodes - groups of managed servers
      A node is a grouping of managed or unmanaged servers. We can add both managed and unmanaged nodes to the product topology. If we add a new node for an existing WebSphere application server to the network deployment cell, we add a managed node. If we create a node in the topology for managing web servers or servers other than WebSphere application servers, we add an unmanaged node. We can add, configure, remove, and otherwise work with nodes, node agents, and node groups.

    • Start an application server
      When you start an application server, a new server process starts. This new server process is based on the process definition settings of the current server configuration.

    • Directory conventions
      References in product information to app_server_root, profile_root, and other directories imply specific default directory locations. Become familiar with the conventions in use for WebSphere Application Server.

    • Change the number of active LTPA keys
      Key sets manage LTPA keys in a key store based on a key alias prefix. A key alias prefix is automatically generated when you generate a new key and store it in a key store. Key stores can contain multiple versions of keys for any given key alias prefix. We can specify a maximum number of active keys in the key set configuration.

