IBM Tivoli Composite Application Manager for Application Diagnostics, Version 7.1.0.1

Configure Lightweight Third Party Authentication

If the Managing Server is using a separate WAS, not the TEPS eWAS, configure Lightweight Third Party Authentication (LTPA) between these application servers. Otherwise, you may skip this section.

Before configuring LTPA, restart both application servers to make sure all configuration changes have taken effect.

To configure LTPA, export keys from one of the servers and import them on the other. This section describes exporting keys from the TEPS eWAS and importing them into the WAS on which the Visualization Engine is running.

To export LTPA keys from the TEPS eWAS:

  1. Launch the TEPS/e administration console. See Enable TEPS/e administrative console.

  2. Select Security > Secure administration, applications, and infrastructure.
  3. On the right side, click Authentication mechanisms and expiration.

  4. Fill in the following fields:

    • Authentication cache timeout: how long, in minutes, an LTPA token is valid. When the token expires, the user must log on again.

    • Timeout value for forwarded credentials between servers: how long, in minutes, the server credentials from another server are valid before they expire. This value must be greater than the value in the Authentication cache timeout field.

    • Password and Confirm password: the password used to encrypt the LTPA keys. Remember the password so that you can use it later when the keys are imported into VE. Users will not need to know this password.

    • Fully qualified key file name: fully qualified path and name of the file into which the exported LTPA keys will be written. You must have write permission to the location; any existing file with this name will be overwritten.

  5. Click Export keys. The keys will be exported.

  6. Click OK and Save.
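The exported file holds the password-encrypted LTPA keys, so it is worth checking before it is copied to the other server. The following is an added example, not part of the IBM documentation: it checks that the file is readable only by its owner, that the expected entries are present, and reports the realm, creation host and a public-key fingerprint that can be compared on both servers. It assumes a POSIX file system and the standard WebSphere LTPA key file property names; the helper names and sample values are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

# Assumed property names (standard WebSphere LTPA key export format).
P = "com.ibm.websphere.ltpa."
REQUIRED = tuple(P + n for n in ("3DESKey", "PrivateKey", "PublicKey", "Realm"))

def parse_properties(text):
    """Parse key=value lines of a Java properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            # Values are written with '=' and ':' backslash-escaped.
            props[key.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props

def audit_keyfile(path):
    """Return (findings, summary); secret values are never included."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key file is accessible to group/other (mode %o)" % mode)
    with open(path, encoding="latin-1") as fh:
        props = parse_properties(fh.read())
    findings += ["missing property: " + n for n in REQUIRED if not props.get(n)]
    public = props.get(P + "PublicKey", "")
    summary = {
        "realm": props.get(P + "Realm"),
        "host": props.get("com.ibm.websphere.CreationHost"),
        "public_key_sha256": hashlib.sha256(public.encode()).hexdigest() if public else None,
    }
    return findings, summary

def make_sample(mode, drop=None):
    """Write a constructed key file (placeholder values, not real keys)."""
    lines = ["com.ibm.websphere.CreationHost=teps.example.com"]
    lines += ["%s=%s" % (n, "ldap.example.com\\:389" if n.endswith("Realm") else "QUJD")
              for n in REQUIRED if n != drop]
    fd, path = tempfile.mkstemp(suffix=".keys")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    print(audit_keyfile(make_sample(0o644)))
```

An empty findings list means the file passed these checks. The realm in the summary should match the realm configured on the importing server.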

To import LTPA keys into the WebSphere application server on which the Visualization Engine is running:

  1. Launch the WebSphere Administrative Console for the server.

  2. Select Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.

  3. Fill in the following fields:

    • Password and Confirm password: the password that was used to encrypt the LTPA keys.

    • Fully qualified key file name: fully qualified path and name of the file into which the exported LTPA keys were written.

  4. Click Import keys. The keys will be imported.

  5. Click OK and Save to save the changes to the master configuration.

You may also choose to export LTPA keys from the WebSphere application server on which the Visualization Engine is running, and import them into TEPS eWAS. For more information on LTPA, see the WAS information centre.

After performing these procedures, restart both application servers. Then test the single sign-on feature, using a user account that was created on the LDAP and registered in both the Tivoli Enterprise Portal and the Visualization Engine.

