Configure the authentication mechanism
WebSphere Application Server provides these authentication mechanisms:
Simple WebSphere Authentication Mechanism (SWAM)
(Base product only) By default, WebSphere Application Server uses SWAM as the authentication mechanism. SWAM is intended for single-server topologies. If you want to use SWAM, no configuration is necessary.
Lightweight Third Party Authentication (LTPA)
If you are using the Network Deployment product, LTPA is the only supported authentication mechanism. If you are using the base product, use LTPA to support single signon and the ability to forward credentials to other application server processes. To configure LTPA, use the administrative console.
For more information about how the authentication mechanism works, see Authentication mechanism.
Configure the LTPA authentication mechanism
Perform these steps in the WebSphere administrative console to enable LTPA as the authentication mechanism for WebSphere security:
Expand Security --> Authentication Mechanisms, and click LTPA.
Enter the password and confirm it in the password fields. This password is used to encrypt and decrypt the LTPA keys when they are exported and imported. You need to enter this password again when you export the keys to another cell. For more information about LTPA keys, see Configure LTPA keys.
Enter a positive integer value in the Timeout field. This timeout is how long an LTPA token is valid, in minutes. The token contains this expiration time so that any server that receives the token can make sure that it is still valid before proceeding further. When the token expires, the user is prompted to log in. An optimal value for this depends on your configuration. The default value is 30 minutes.
Click Apply. The LTPA configuration is now set. You should not generate the LTPA keys in this step because they are automatically generated later.
If your application contains form-based login, you may want to enable single sign-on support. For more information, see Configure single signon.
(Optional) Configure a trust association interceptor.
Complete the information in the Global Security panel and press OK. When OK or Apply is clicked in the Global Security panel, the LTPA keys are generated automatically the first time; therefore, do not generate the keys manually.
If you later need to generate keys, see Configure LTPA keys.
Stop and then start your servers for the changes to take effect.