
Prepare security for remote search service in a single sign-on domain

  1. Make the key file available to all servers in the single sign-on (SSO) domain. To do so, complete the following steps on one of the servers that will be part of the SSO domain:

    1. Open the WAS console.

    2. Select Security > Global Security > Authentication > LTPA.

    3. In the field for the fully qualified key name, enter a key file name and click the Export keys button. The keys are written to the file APPSERVER_ROOT/Key File Name.

  2. Import the key file to all other servers of the SSO domain. To do so, complete the following steps on all other servers that will be part of this same SSO domain:

    1. Copy the key file exported in step 1 into the WP_PROFILE directory on the server.

    2. Log in to the WAS console.

    3. Select Security > Global Security > Authentication > LTPA.

    4. In the field for the fully qualified key name, enter a key file name and click the Import keys button. The keys are propagated to all servers of the SSO domain.

    5. Restart all WebSphere Application Server profiles on this server.

  3. Ensure that automatic LTPA key generation is disabled on all servers of the SSO domain:

    1. Log in to the WAS console.

    2. Select Security > Global Security. In the Authentication mechanisms and expiration pane, click LTPA.

    3. Under Key generation, select Key set groups.

    4. Click NodeLTPAKeySetGroup.

    5. In the Key generation pane, disable the Automatically generate keys check box.

    6. Click OK.

    7. Click Save to save the changes to the master configuration.

    8. Log out from the WAS console.
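
To confirm that the file copied in step 2 carries the same key material as the file exported in step 1, and that the copy is not left readable by other accounts, a check like the following can be run on each server before the import. This is an added example, not IBM's code: the property names are those found in an exported LTPA key file (the page does not show the format), the owner-only permission policy and the function names are assumptions, and the sample content is constructed.

```python
import hashlib
import os
import stat

# Property names as found in an exported LTPA key file (assumption: the
# page does not show the file format).
KEY_FIELDS = tuple("com.ibm.websphere.ltpa." + n
                   for n in ("3DESKey", "PrivateKey", "PublicKey"))

# Constructed sample, not real key material.
SAMPLE = """#constructed key file
com.ibm.websphere.ltpa.3DESKey=QUFBQQ\\=\\=
com.ibm.websphere.ltpa.PrivateKey=QkJCQg\\=\\=
com.ibm.websphere.ltpa.PublicKey=Q0NDQw\\=\\=
com.ibm.websphere.ltpa.Realm=example-realm
"""

def parse_key_file(text):
    """Parse the Java-properties style key file into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # skip blank lines and comments
        name, sep, value = line.partition("=")
        if sep:
            # Properties files escape '=' in values with a backslash.
            props[name.strip()] = value.strip().replace("\\", "")
    return props

def fingerprint(text):
    """SHA-256 over the key material only; raises if a field is missing."""
    props = parse_key_file(text)
    missing = [f for f in KEY_FIELDS if f not in props]
    if missing:
        raise ValueError("incomplete LTPA key file, missing: %s" % missing)
    material = "\n".join(props[f] for f in KEY_FIELDS)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()

def check_copy(exported_path, copied_path):
    """Return a list of problems found with the copied key file."""
    problems = []
    with open(exported_path) as a, open(copied_path) as b:
        if fingerprint(a.read()) != fingerprint(b.read()):
            problems.append("key material differs from the exported file")
    mode = stat.S_IMODE(os.stat(copied_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group/other: %o" % mode)
    return problems
```

An empty list from check_copy means the copy matches the export and only its owner can access it; comparing fingerprints rather than the files themselves avoids printing key material to a terminal or log.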


What to do next

For more details about exporting the LTPA token, refer to the WAS information center under Administering > Security > Managing security > Configuring authentication mechanisms > Configuring Lightweight Third Party Authentication > Lightweight Third Party Authentication settings. We can also locate this topic by opening the search feature of the WAS information center and searching for ltpa key export.

If we work with EJB on a secure server, set the search user ID. For details about how to do this step, refer to Set the search user ID.

