Secure environment on Solaris
After installing WebSphere Portal and configuring the user registry, there are additional security tasks that you can run to ensure the security of your environment. To secure your environment:
- Secure LTPA keys on a production environment
The Lightweight Third Party Authentication (LTPA) key holds cryptographic keys that secure the user authentication session and cookies. To secure the production server environment, regenerate the LTPA key using the admin console. If you plan to enable single sign-on at a later time, disable automatic key generation.
- Enable step-up authentication and/or the Remember me cookie
Step-up authentication provides authentication levels for pages and portlets. The Remember me cookie is an encrypted HTTP cookie that supports state-of-the-art authentication, which allows you to present personalized portlets and pages in a public area without asking the user to manually authenticate. Together, these two features allow remembered users to view anonymous pages and portlets with a standard or identified authentication level. By providing a valid Remember me cookie, a user can also be allowed to access protected pages and portlets that require the identified authentication level. If the authentication level is set to authenticated, the user will have to provide a user ID and password to view the page or portlet.
- Configure Remember me for J2EE authentication
WebSphere Portal allows you to configure Remember me for J2EE authentication, which works in conjunction with step-up authentication. When this feature is enabled, a user will be logged in automatically when accessing a protected portal area by presenting a valid Remember me cookie. Unless the requested resource has a higher step-up authentication requirement, the user will not be asked to provide any other proof of identity (for example, user name and password) to enter the protected portal area.
- Disable step-up authentication and/or the Remember me cookie
You can disable the step-up authentication task and/or the Remember me cookie task to remove the features from your system.
- Step-up authentication properties
After enabling step-up authentication, you may need to adjust the settings to fit your business needs. You can use the admin console to create new properties, if necessary, or update existing properties.
- Remember me properties
After enabling the Remember me cookie, you may need to adjust the settings to fit your business needs. You can use the admin console to create new properties, if necessary, or update existing properties.