Secure LTPA keys on a production environment

 


 

The Lightweight Third Party Authentication (LTPA) keys are the cryptographic keys that secure the user authentication session and cookies. To secure the production server environment, regenerate the LTPA keys using the administrative console. If you plan to enable single sign-on at a later time, also disable automatic key generation.

  1. To regenerate LTPA keys:

    These steps only need to be performed once in a clustered environment.

    1. Log on to the administrative console.

    2. Navigate to...

        Security | Secure administration, applications, and infrastructure | Authentication mechanisms and expiration | Key Generation | NodeLTPAKeySetGroup | Generate Keys

    3. Click Save to save the changes to the master configuration.

    By default, WebSphere Application Server (WAS) is configured to automatically regenerate the LTPA keys every 90 days. If you set up single sign-on by exporting the LTPA key and importing it on another server, disable automatic key generation; otherwise, single sign-on will fail after 90 or 180 days because the keys have been regenerated.

  2. To disable automatic LTPA key generation on all servers of the single sign-on domain:

    1. Log on to the administrative console.

    2. Navigate to...

        Security | Secure administration, applications, and infrastructure | Authentication mechanisms and expiration | Key generation - Key set groups | NodeLTPAKeySetGroup

    3. Clear the checkbox...

        Key generation - Automatically generate keys

    4. Click OK.

    5. Click Save to save the changes to the master configuration.
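
As an added example (not part of the original page or of the product), the Python script below audits copies of each cell's security.xml to confirm that automatic key generation is off for NodeLTPAKeySetGroup on every server of the single sign-on domain. The element and attribute names (keySetGroups, autoGenerate, wsSchedule, wsSchedules, frequency), the cell labels and the sample XML are assumptions constructed for illustration; check them against your own configuration files.

```python
import xml.etree.ElementTree as ET

XMI_ID = "{http://www.omg.org/XMI}id"
GROUP = "NodeLTPAKeySetGroup"   # key set group named in the steps above

# Constructed samples. Element and attribute names (keySetGroups, autoGenerate,
# wsSchedule, wsSchedules, frequency) are assumed, not taken from the page.
_TEMPLATE = """<Security xmlns:xmi="http://www.omg.org/XMI">
  <keySetGroups xmi:id="KeySetGroup_1" name="NodeLTPAKeySetGroup" {auto} wsSchedule="WSSchedule_1"/>
  <wsSchedules xmi:id="WSSchedule_1" name="LTPAKeySetSchedule" frequency="90"/>
</Security>"""
SAMPLES = {
    "cellA": _TEMPLATE.format(auto='autoGenerate="false"'),
    "cellB": _TEMPLATE.format(auto='autoGenerate="true"'),
    "cellC": _TEMPLATE.format(auto=""),            # attribute missing
    "cellD": "<Security/>",                        # group missing
}

def ltpa_autogen_status(security_xml, group_name=GROUP):
    """Return (auto_generate, frequency_days); auto_generate is None when unset.
    Returns None when the key set group is absent."""
    root = ET.fromstring(security_xml)
    schedules = {s.get(XMI_ID): s for s in root.iter("wsSchedules")}
    for group in root.iter("keySetGroups"):
        if group.get("name") != group_name:
            continue
        raw = group.get("autoGenerate")
        auto = None if raw is None else raw.strip().lower() == "true"
        sched = schedules.get(group.get("wsSchedule"))
        freq = sched.get("frequency") if sched is not None else None
        return auto, int(freq) if freq else None
    return None

def audit_sso_domain(configs):
    """Map each server label to a finding; servers with generation disabled are omitted."""
    findings = {}
    for label, text in sorted(configs.items()):
        status = ltpa_autogen_status(text)
        if status is None:
            findings[label] = GROUP + " not found"
        elif status[0] is None:
            findings[label] = "autoGenerate not set; check the console"
        elif status[0]:
            findings[label] = "auto-generation on, every %s days" % status[1]
    return findings

if __name__ == "__main__":
    for server, finding in audit_sso_domain(SAMPLES).items():
        print(server, "->", finding)
```

An empty result from audit_sso_domain means every supplied configuration has automatic generation explicitly disabled; any other entry names a server to revisit in the administrative console.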

