Configure Cross-Cell Single Sign-On


Overview

Enable single sign-on (SSO) on all the instances of WebSphere Application Server for which you plan to establish SSO.

To enable SSO on WebSphere Application Server...

  1. Log in to the WebSphere Application Server administration console and go to...

      Security | Global Security | Authentication cache settings | Web and SIP security | Single sign-on (SSO) | General Properties

    ...and specify...

      Enabled Selected by default.
      Requires SSL Domain name to use for the servers; for example, my.companyname.com.
      Interoperability Mode Select if not selected by default.
      Web inbound security attribute propagation Selected by default.

  2. Click OK and save to the master configuration.

    Repeat the preceding steps for the other instances of WebSphere Application Server for which you plan to establish SSO.


Export the LTPA key

Export an LTPA key from WebSphere Application Server to import into other instances of WebSphere Application Server. You only need to export the LTPA key from one server.

  1. Enable SSO on WebSphere Application Server.

  2. Log in to the WebSphere Application Server administration console and go to...

      Security | Global security | Authentication | LTPA | Cross-cell single sign-on

  3. Specify a password for the LTPA key.

  4. Enter the LTPA key name and directory to which to export the key in the Fully qualified key file name field.

    For example...

      /opt/my_key_name

  5. Click Export keys.

  6. Click OK and save to the master configuration.

  7. Navigate to the directory where you exported the LTPA key.

  8. Copy the LTPA key to the file system where you plan to import it.


Import the LTPA key

  1. Copy the LTPA key from the file system where you exported it to the file system where you plan to import it.

  2. Log in to the WebSphere Application Server administration console and go to...

      Security | Global security | Authentication | LTPA | Cross-cell single sign-on section

  3. Specify the password for the LTPA key.

  4. Enter the directory on your file system where you copied the LTPA key in the Fully qualified key file name field.

  5. Click Import keys.

  6. Click OK and save to the master configuration.

  7. Restart both the server you exported the LTPA key from and the server into which you imported the LTPA key. Restart the servers only after you have imported the LTPA key into all the servers for which you plan to establish SSO.

Repeat the steps in this task for all servers for which you plan to set up SSO, then restart all servers.


Verify single sign-on

You have successfully established SSO between multiple instances of WebSphere Application Server when you can log in to one administration console and then access the other administration consoles without having to log in again. To verify SSO, log in to the WebSphere Application Server administration console where you exported the LTPA key. In your browser's address bar, enter the URL for the WebSphere Application Server administration console where you imported the LTPA key.

If the WebSphere Application Server administration console opens without requiring you to log in, you have successfully set up SSO.
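When the second console still asks for a login, a common cause is that the browser never sends the SSO cookie to that host. The following is an added example, not part of the original page or IBM's code: it checks the Set-Cookie headers captured at login against the console host names using the RFC 6265 domain-match rule. The cookie names LtpaToken2 and LtpaToken, the mapping of Requires SSL to the Secure attribute, the host names and the header values are assumptions or constructed samples.

```python
from http.cookies import SimpleCookie

# Cookie names WebSphere uses for LTPA tokens (assumption; not stated on the page).
LTPA_COOKIES = ("LtpaToken2", "LtpaToken")

def domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: host equals the domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    dom = cookie_domain.lower().strip(".")
    return bool(dom) and (host == dom or host.endswith("." + dom))

def check_sso_cookies(set_cookie_headers, login_host, console_hosts):
    """Return a list of findings; an empty list means every console gets the cookie."""
    jar = SimpleCookie()
    for header in set_cookie_headers:
        jar.load(header)
    present = [name for name in LTPA_COOKIES if name in jar]
    if not present:
        return ["no LTPA cookie was set at login"]
    findings = []
    for name in present:
        morsel = jar[name]
        domain = morsel["domain"]
        for host in console_hosts:
            if domain:
                reachable = domain_matches(host, domain)
            else:
                # No Domain attribute: host-only cookie, sent back to the login host only.
                reachable = host.lower() == login_host.lower()
            if not reachable:
                findings.append("%s: not sent to %s (Domain=%s)"
                                % (name, host, domain or "host-only"))
        if not morsel["secure"]:
            findings.append("%s: no Secure attribute, cookie is also sent over plain HTTP" % name)
        if not morsel["httponly"]:
            findings.append("%s: no HttpOnly attribute, cookie is readable by page scripts" % name)
    return findings

if __name__ == "__main__":
    # Constructed sample: login on was1, SSO domain name left empty on that server.
    headers = ["LtpaToken2=CONSTRUCTED; Path=/; Secure; HttpOnly"]
    hosts = ["was1.my.companyname.com", "was2.my.companyname.com"]
    for finding in check_sso_cookies(headers, hosts[0], hosts):
        print(finding)
```

A finding of the form "not sent to ..." points back to the Domain name value in the SSO General Properties of the server that issued the cookie.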