Secure LTPA keys on a production environment
The LTPA cryptographic keys protect user authentication sessions and the LTPA cookies that carry them. Before a production server goes live, regenerate the LTPA keys from the WAS admin console. If single sign-on (SSO) between servers is set up later by exporting the keys from one server and importing them on another, also disable automatic key generation so that the shared keys stay identical on every server.
Regenerate the LTPA keys
Log on to the WAS admin console and go to...
Security | Secure administration, applications, and infrastructure | Authentication mechanisms and expiration | Key Generation | NodeLTPAKeySetGroup | Generate Keys | Save
In a clustered environment this step is completed once, because the cluster members share the cell's LTPA keys.
Disable automatic LTPA key generation on all servers of the single sign-on domain
By default, WAS automatically regenerates the LTPA keys every 90 days. If you set up single sign-on by exporting the LTPA keys from one server and importing them on another, disable automatic key generation on every server in the SSO domain; otherwise each server regenerates its own keys on its own schedule, the shared keys diverge, and single sign-on fails after 90 or 180 days.
Log on to the WAS admin console and go to...
Security | Secure administration, applications, and infrastructure | Authentication mechanisms and expiration | Key generation - Key set groups | NodeLTPAKeySetGroup
...clear the checkbox...
Key generation - Automatically generate keys
...and save the change to the master configuration.
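The same two procedures as a wsadmin Jython script, so they can be repeated identically on every server of the SSO domain. This is an added example, not from the original page or from IBM documentation. It assumes the default key set group NodeLTPAKeySetGroup and the AdminTask command and parameter names I believe ship with WAS 6.1 and later (generateKeyForKeySetGroup, modifyKeySetGroup, getKeySetGroup, exportLTPAKeys); confirm them on your release with AdminTask.help('<command>') before running.

```jython
# Added example (not the original page's content). Run as:
#   wsadmin.sh -lang jython -f secure_ltpa.py
# Assumed names: NodeLTPAKeySetGroup is the default key set group; the
# AdminTask commands and parameters below are the ones I believe exist in
# WAS 6.1+. Verify with AdminTask.help('modifyKeySetGroup') etc.

KEY_SET_GROUP = 'NodeLTPAKeySetGroup'

def regenerate_ltpa_keys(group=KEY_SET_GROUP):
    # Step 1: generate a fresh LTPA key set. In a cell this is done once from
    # the deployment manager, since the members share the cell's keys.
    AdminTask.generateKeyForKeySetGroup('[-keySetGroupName %s]' % group)

def disable_auto_key_generation(group=KEY_SET_GROUP):
    # Step 2: switch off the scheduled regeneration (default every 90 days)
    # so keys that were exported to other SSO members do not silently diverge.
    AdminTask.modifyKeySetGroup('[-name %s -autoGenerate false]' % group)

def show_key_set_group(group=KEY_SET_GROUP):
    # Print the group's attributes so autoGenerate=false can be confirmed
    # after the save.
    print AdminTask.getKeySetGroup('[-name %s]' % group)

def export_ltpa_keys(path, password):
    # Optional SSO step: write the current keys to a password-protected file
    # for import on the other servers (AdminTask.importLTPAKeys). The file is
    # a secret; the password only wraps it, so distribute both carefully and
    # remember the password appears on the wsadmin command line/trace.
    AdminTask.exportLTPAKeys('[-ltpaKeyFile file:%s -password %s]' % (path, password))

regenerate_ltpa_keys()
disable_auto_key_generation()
AdminConfig.save()
show_key_set_group()
# Uncomment to export for SSO, e.g.:
# export_ltpa_keys('/tmp/ltpa.key', 'changeit')
```

In a network deployment cell, synchronize the nodes after the save so the managed servers pick up the new keys; then import the exported file on each of the other SSO servers and disable automatic generation there too, otherwise the divergence described above still happens on that side.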