Use this page to configure Lightweight Third Party Authentication (LTPA) settings. To view this administrative console page, complete the following steps:
Configuration tab
Whether the server generates new Lightweight Third Party Authentication (LTPA) keys.
When security is turned on for the first time with LTPA as the authentication mechanism, the LTPA keys are automatically generated with the password entered in the panel. If you need a new set of keys to generate using the previously set password, click Generate Keys. If a new password is used, do not click this option. After the new password is entered, you click OK or Apply, and a new set of keys is generated. A new set of generated keys is not used until you save them.
Whether the server imports new LTPA keys.
To support single sign-on (SSO) in the WebSphere Application Server product across multiple WebSphere Application Server domains (cells), share the LTPA keys and the password among the domains. You can use the Import Keys option to import the LTPA keys from other domains. The LTPA keys are exported from one of the cells to a file. To import a new set of LTPA keys, enter the appropriate password, click OK and click Save. Then, enter the directory location where the LTPA keys are located prior to clicking Import keys. Do not click OK or Apply, but save the settings.
Whether the server exports LTPA keys.
To support single sign-on (SSO) in the WebSphere product across multiple WebSphere Application Server domains (cells), share the LTPA keys and the password among the domains. Use the Export Keys option to export the LTPA keys to other domains.
To export the LTPA keys, make sure that the system is running with security enabled and is using LTPA. Enter the file name in the Key file name field and click Export Keys. The encrypted keys are stored in the specified file.
The password that is used to encrypt and decrypt the LTPA keys. Use this password when importing these keys into other WebSphere Application Server administrative domain configurations and when configuring SSO for a Lotus Domino server.
After the keys are generated or imported, they are used to encrypt and decrypt the LTPA token. Whenever the password is changed, a new set of LTPA keys are automatically generated when you click OK or Apply. The new set of keys is used after the configuration changes are saved.
| Data type | String |
The confirmed password that is used to encrypt and decrypt the LTPA keys.
Use this password when importing these keys into other WebSphere Application Server administrative domain configurations and when configuring SSO for a
Lotus Domino server.
| Data type | String |
The time period in minutes at which an LTPA token expires. Verify that this time period is longer than the cache timeout value that is configured in the Global security panel.
| Data type | Integer |
| Units | Minutes |
| Default | 120 |
The name of the file that is used when importing or exporting keys.
Enter a fully qualified key file name, and click Import Keys or Export Keys.
| Data type | String |