
Secure LTPA keys on a production environment

The LTPA cryptographic keys secure user authentication sessions and cookies. To secure the production server environment, regenerate the LTPA keys using the WAS admin console. If you plan to enable single sign-on at a later time, also disable automatic key generation.


Regenerate the LTPA keys

Log on to the WAS admin console, and go to...

    Security | Secure administration, applications, and infrastructure | Authentication mechanisms and expiration | Key Generation | NodeLTPAKeySetGroup | Generate Keys | Save

This step need only be completed once in a clustered environment.


Disable automatic LTPA key generation on all servers of the single sign-on domain

By default, WAS is configured to automatically regenerate the LTPA keys every 90 days. If we set up single sign-on by exporting the LTPA key and then importing it on another server, disable automatic key generation; otherwise, single sign-on fails after 90 or 180 days because of the regenerated keys.

Log on to the WAS admin console, go to...

    Security | Secure administration, applications, and infrastructure | Authentication mechanisms and expiration | Key generation - Key set groups | NodeLTPAKeySetGroup

...and clear the checkbox...

    Key generation - Automatically generate keys
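
To confirm the setting on every server of the single sign-on domain, the following added example (not part of the original page or of WAS itself) audits a copy of each server's security configuration for the NodeLTPAKeySetGroup setting. The XML element and attribute names (keySetGroups, autoGenerate, wsSchedule, wsSchedules, frequency) and the server names are assumptions, and the sample input is constructed.

```python
import xml.etree.ElementTree as ET

XMI_ID = "{http://www.omg.org/XMI}id"  # ElementTree's expanded form of xmi:id
HEAD = '<security:Security xmlns:xmi="http://www.omg.org/XMI" xmlns:security="urn:constructed-sample">'

# Constructed security.xml fragments, one per server of the SSO domain.
# Element/attribute names are an assumed layout, not taken from the page.
SAMPLE_CONFIGS = {
    "serverA": HEAD + """
  <keySetGroups xmi:id="KeySetGroup_1" name="NodeLTPAKeySetGroup"
                autoGenerate="true" wsSchedule="WSSchedule_1"/>
  <wsSchedules xmi:id="WSSchedule_1" name="LTPAKeySetSchedule" frequency="90"/>
</security:Security>""",
    "serverB": HEAD + """
  <keySetGroups xmi:id="KeySetGroup_1" name="NodeLTPAKeySetGroup"
                autoGenerate="false" wsSchedule="WSSchedule_1"/>
  <wsSchedules xmi:id="WSSchedule_1" name="LTPAKeySetSchedule" frequency="90"/>
</security:Security>""",
    "serverC": HEAD + "</security:Security>",  # key set group missing entirely
}


def audit_server(xml_text, group_name="NodeLTPAKeySetGroup"):
    """Return (status, frequency_days) for the named key set group."""
    root = ET.fromstring(xml_text)
    schedules = {s.get(XMI_ID): s for s in root.iter("wsSchedules")}
    for group in root.iter("keySetGroups"):
        if group.get("name") != group_name:
            continue
        flag = (group.get("autoGenerate") or "").strip().lower()
        if flag == "false":
            return ("disabled", None)
        if flag != "true":
            return ("unknown", None)  # attribute missing or unexpected: check by hand
        sched = schedules.get(group.get("wsSchedule"))
        freq = sched.get("frequency") if sched is not None else None
        return ("enabled", int(freq) if freq and freq.isdigit() else None)
    return ("group-not-found", None)


def audit_domain(configs):
    """Audit every server; the requirement is met only if all are 'disabled'."""
    results = {name: audit_server(text) for name, text in configs.items()}
    return results, all(status == "disabled" for status, _ in results.values())


if __name__ == "__main__":
    results, consistent = audit_domain(SAMPLE_CONFIGS)
    for server, (status, days) in sorted(results.items()):
        print(server, status, days)
    print("automatic generation disabled everywhere:", consistent)
```

Any server reported as enabled, unknown or group-not-found should be rechecked in the admin console before the exported key is relied on for single sign-on.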

