Prepare security for remote search service in a single-signon domain

View the steps to set up portal security for remote search service on a single-signon installation.

For remote search service on a single-signon installation, you need to prepare portal security. To prepare portal security for remote search service on a single portal installation:

  1. Make the key file available to all servers in the single sign-on (SSO) domain. To do this, perform the following steps on one of the servers that you plan to be part of the SSO domain:

    1. Open the administrative console.

    2. Select Security -> Global Security. Under Authentication select LTPA.

    3. In the field for the fully qualified key name enter a key file name and click the Export keys button. The keys are written to the file was_profile_root/Key File Name.

  2. Import the key file to all other servers of the SSO domain. To do this, perform the following steps on all other servers that you plan to be part of this same SSO domain:

    1. Copy the key file that you exported in step 1 above to the server, into the directory WP_PROFILE.

    2. Log in to the WAS administrative console.

    3. Select Security -> Global Security -> Authentication -> LTPA.

    4. In the field for the fully qualified key name enter a key file name and click the Import keys button. The keys are propagated to all servers of the SSO domain.

    5. Restart all WAS profiles on this server.

  3. Disable automatic LTPA key generation on all servers of the SSO domain:

    1. Log in to the WAS administrative console.

    2. Select Security -> Global Security. Under Authentication mechanisms and expiration, click LTPA.

    3. Under Key generation, select Key set groups.

    4. Click NodeLTPAKeySetGroup.

    5. Under Key generation, disable the Automatically generate keys check box.

    6. Click OK.

    7. Click Save to save changes to the master configuration.

    8. Log out from the administrative console.
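After step 2, it is worth confirming that the copy of the exported key file on each server carries the same key material and is readable only by its owner. The following is an added example, not part of the original procedure or of the product. It assumes the export file is a Java properties file with the property names shown, assumes POSIX file modes, and uses constructed dummy values and hypothetical server names.

```python
import hashlib
import os
import stat

# Property names used in WAS LTPA key export files (assumption: the page does not list them).
KEY_FIELDS = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)

def parse_key_file(text):
    """Parse Java-properties text (one key=value per line) into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:  # exported values escape '=' and ':' with a backslash
            props[key.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props

def fingerprint(props):
    """Short SHA-256 fingerprint of the key fields; never echoes key material."""
    missing = [f for f in KEY_FIELDS if not props.get(f)]
    if missing:
        raise ValueError("missing " + ", ".join(missing))
    digest = hashlib.sha256("\0".join(props[f] for f in KEY_FIELDS).encode())
    return digest.hexdigest()[:16]

def load(path):
    """Read one server's copy of the key file: returns (text, st_mode)."""
    with open(path, encoding="latin-1") as fh:
        return fh.read(), os.stat(path).st_mode

def audit(copies):
    """copies: {server: (key_file_text, st_mode)} -> sorted list of findings."""
    findings, prints = [], {}
    for server, (text, mode) in copies.items():
        try:
            prints[server] = fingerprint(parse_key_file(text))
        except ValueError as err:
            findings.append(f"{server}: {err}")
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{server}: key file mode {stat.S_IMODE(mode):o} is not owner-only")
    if len(set(prints.values())) > 1:
        findings.append("mismatch: " + ", ".join(f"{s}={p}" for s, p in sorted(prints.items())))
    return sorted(findings)

# Constructed sample copies (dummy values, not real key material).
SAMPLE = "\n".join(f"{f}=QUJD{i}\\=" for i, f in enumerate(KEY_FIELDS))
STALE = SAMPLE.replace("QUJD2", "SktM2")  # a copy whose public key differs
```

In practice, build the `copies` dictionary with `load()` on each server's key file path. An empty result from `audit()` means all copies match and none is group- or world-accessible.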

For more details about exporting the LTPA token, refer to the WAS information center under Administering -> Security -> Manage security -> Configure authentication mechanisms -> Configure Lightweight Third Party Authentication -> Lightweight Third Party Authentication settings. You can also locate this topic by opening the search feature of the WAS information center and searching for ltpa key export.

If you work with EJB on a secure server, you need to set the search user ID. For details about how to do this, refer to Set the search user ID.


Parent

Use remote search service


Related tasks


Prepare for remote search service
Set the search user ID
Configure Portal Search for remote search service
Configure the Search and Browse portlet for local or remote search

 

