To set up LTPA security, configure matching settings on both the Content Engine application server and the Application Engine application server. If your Application Engine and Content Engine are on the same WebSphere® Application Server, it is not necessary to configure LTPA.
If you are already using LTPA with your Content Engine application server, export the existing keys and copy the key file to the Application Engine server. Check with your Content Engine administrator.
To configure LTPA, take the following steps:
- On the Content Engine server, log in to the WebSphere administrative console.
- Navigate to the LTPA settings page.
  Option | Description |
  WebSphere Application Server 6.1 | Navigate to . From the right side of the panel, select Authentication Mechanisms and expiration. |
  WebSphere Application Server 7.0 | Navigate to . From the right side of the panel, select LTPA. |
- Enter a value for the LTPA timeout that is larger than the default. For example, if the timeout value is left at the default value of 120 minutes, the LTPA key expires after 2 hours. Users will not be able to log in to Workplace after being logged in for 2 hours.
  Note: In high availability environments, set the timeout to 60,000.
- Save your changes.
- In the box for Cross-cell single sign-on, type a password to create the LTPA password. For password restrictions, see the WebSphere Application Server documentation. If you have already configured Content Engine for LTPA, use the existing password in the Application Engine configuration below.
- Enter the fully qualified path for the Key File Name. For example, /opt/LTPA/ltpa_key_name.
- Click Export keys. Verify that a message similar to the following message is displayed: The keys were successfully exported to the file ltpa_key_name.
- Click OK, then click Save changes directly to the master configuration.
- Stop and restart WebSphere Application Server.
- Copy the key file from the Content Engine server location you specified above to a directory on the Application Engine server. For example, /opt/LTPA/ltpa_key_name.
- On the Application Engine server, log in to the WebSphere administrative console.
- Navigate to the LTPA settings page.
  Option | Description |
  WebSphere Application Server 6.1 | Navigate to . From the right side of the panel, select Authentication Mechanisms and expiration. |
  WebSphere Application Server 7.0 | Navigate to . From the right side of the panel, select LTPA. |
- Enter a value for the LTPA timeout that is larger than the default. For example, if the timeout value is left at the default value of 120 minutes, the LTPA key expires after 2 hours. Users will not be able to log in to Workplace after being logged in for 2 hours.
  Note: In high availability environments, set the timeout to 60,000.
- Save your changes.
- In the box for Cross-cell single sign-on, type and confirm the LTPA password you created for Content Engine. For password restrictions, see the WebSphere Application Server documentation. If you have already configured Content Engine for LTPA, use the existing password in the Application Engine configuration below.
- Specify the path for the key file that you copied to the Application Engine server. For example, /opt/LTPA/ltpa_key_name.
- Click Import keys. Verify that a message similar to the following one is displayed: The keys were successfully imported from the file ltpa_key_name.
- Save your changes. In a highly available environment, synchronize the changes across all nodes after saving your configuration settings.
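An added check, not part of IBM's procedure or code: run it against the exported key file on the Content Engine server and against the copy on the Application Engine server, then compare the printed fingerprints to confirm the copy is intact and not readable by other accounts. The property names and the constructed SAMPLE are assumptions based on the usual layout of an exported LTPA key file; this page does not show the file's contents.

```python
import hashlib
import os
import stat
import sys

# Property names of a WebSphere-exported LTPA key file (assumed; not listed on this page).
KEY_FIELDS = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)

# Constructed sample with placeholder values, not real key material.
SAMPLE = """#IBM WebSphere Application Server key file
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=PLACEHOLDER3DES\\=
com.ibm.websphere.ltpa.PrivateKey=PLACEHOLDERPRIV\\=
com.ibm.websphere.ltpa.PublicKey=PLACEHOLDERPUB\\=
"""

def parse_key_file(path):
    """Read the Java-properties style key file into a dict."""
    props = {}
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith(("#", "!")):
                name, sep, value = line.partition("=")
                if sep:
                    props[name.strip()] = value.strip()
    return props

def fingerprint(path):
    """SHA-256 over the key properties; identical on both servers if the copy is intact."""
    props = parse_key_file(path)
    digest = hashlib.sha256()
    for field in KEY_FIELDS:
        digest.update(f"{field}={props.get(field, '')}\n".encode("latin-1"))
    return digest.hexdigest()

def audit(path):
    """Return a list of problems; an empty list means the file passed."""
    props = parse_key_file(path)
    problems = [f"missing {f}" for f in KEY_FIELDS if not props.get(f)]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"group/other access: {oct(mode)}")
    return problems

if __name__ == "__main__":
    target = sys.argv[1]  # e.g. the key file path used in the steps above
    print(fingerprint(target))
    for problem in audit(target):
        print("PROBLEM:", problem)
```

The fingerprint is a hash of the stored key properties, so it can be compared between administrators without sending the key file itself again.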