FileNet P8 Application Engine, Version 5.0.+
Application server: WebSphere Application Server

Configuring Lightweight Third Party Authentication (LTPA)

To set up LTPA security, configure settings to match on both the Content Engine application server and the Application Engine application server. If your Application Engine and Content Engine are on the same WebSphere® Application Server, you are not required to configure LTPA.

High availability Note: If your environment uses Workplace XT, follow the instructions for configuring Lightweight Third Party Authentication (LTPA) in the IBM® FileNet® Workplace XT Installation and Upgrade Guide.
High availability Important: In a highly available WebSphere environment where Content Engine and Application Engine are managed by different deployment managers, perform any LTPA configuration steps on the administrative server only. The scope of this action will affect the entire application server configuration.

If you are already using LTPA with your Content Engine application server, you must export only the existing keys and copy the key file to the Application Engine server. Check with your Content Engine administrator.

To configure LTPA:

  1. On the Content Engine server, log in to the WebSphere administrative console.
  2. Navigate to the LTPA settings page.
    For WebSphere Application Server 6.1:
      1. Navigate to Security > Secure administration, applications, and infrastructure.
      2. From the right side of the panel, select Authentication Mechanisms and expiration.
    For WebSphere Application Server 7.0:
      1. Navigate to Security > Global security.
      2. From the right side of the panel, select LTPA.
  3. Enter a value for the LTPA timeout that is larger than the default. For example, if the timeout value is left at the default value of 120 minutes, the LTPA key expires after 2 hours. Users will not be able to log in to Workplace after being logged in for 2 hours.
    High availability Note: In high availability environments, set the timeout to 60,000.
  4. Save your changes.
  5. In the box for Cross-cell single sign-on, type a password to create the LTPA password.

    For password restrictions, see the WebSphere Application Server documentation. If you have already configured Content Engine for LTPA, use the existing password in the Application Engine configuration.

  6. Enter the fully qualified path for the Key File Name. For example, /opt/LTPA/ltpa_key_name.
  7. Click Export keys. Verify that a message like the following is displayed: The keys were successfully exported to the file ltpa_key_name.
  8. Click OK, then click Save changes directly to the master configuration.
  9. Stop and restart WebSphere Application Server.
  10. Copy the key file from the Content Engine server location you specified to a directory on the Application Engine server. For example, /opt/LTPA/ltpa_key_name.
  11. On the Application Engine server, log in to the WebSphere administrative console.
  12. Navigate to the LTPA settings page.
    For WebSphere Application Server 6.1:
      1. Navigate to Security > Secure administration, applications, and infrastructure.
      2. From the right side of the panel, select Authentication Mechanisms and expiration.
    For WebSphere Application Server 7.0:
      1. Navigate to Security > Global security.
      2. From the right side of the panel, select LTPA.
  13. Enter a value for the LTPA timeout that is larger than the default. For example, if the timeout value is left at the default value of 120 minutes, the LTPA key expires after 2 hours. Users will not be able to log in to Workplace after being logged in for 2 hours.
    High availability Note: In high availability environments, set the timeout to 60,000.
  14. Save your changes.
  15. In the box for Cross-cell single sign-on, type and confirm the LTPA password you created for Content Engine.

    For password restrictions, see the WebSphere Application Server documentation. If you have already configured Content Engine for LTPA, use the existing password in the Application Engine configuration.

  16. Specify the path for the key file that you copied to the Application Engine server. For example, /opt/LTPA/ltpa_key_name.
  17. Click Import keys. Verify that a message like the following one is displayed: The keys were successfully imported from the file ltpa_key_name.
  18. Save your changes.

    High availability Note: In a highly available environment, synchronize the changes across all nodes after saving your configuration settings.
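
Added example (not part of the IBM documentation): a shell check for the key file that is exported in step 7 and copied in step 10, confirming that the copy is readable only by its owner, contains the expected key entries, and is byte-identical to the export. The function names are hypothetical, the property names are assumed from the usual WebSphere LTPA export format, and `sha256sum` is assumed to be installed on both servers.

```shell
#!/bin/sh
# Added example: sanity-check an LTPA key file before importing it.
# Property names are assumed from the usual WebSphere export format.
LTPA_REQUIRED_PROPS="com.ibm.websphere.ltpa.3DESKey
com.ibm.websphere.ltpa.PrivateKey
com.ibm.websphere.ltpa.PublicKey
com.ibm.websphere.ltpa.Realm"

# ltpa_sha256 FILE: print the SHA-256 hex digest of FILE.
ltpa_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# check_ltpa_keyfile FILE [EXPECTED_SHA256]
# Returns 0 when all checks pass, 1 if the file is unreadable,
# 2 if group/other have any access, 3 if a key entry is missing
# or empty, 4 if the digest differs from EXPECTED_SHA256.
check_ltpa_keyfile() {
    file=$1; expected=${2:-}
    [ -f "$file" ] && [ -r "$file" ] ||
        { echo "FAIL: cannot read $file" >&2; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL "$file" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "FAIL: $file is accessible to group/other" >&2; return 2; }

    for prop in $LTPA_REQUIRED_PROPS; do
        # Escape the dots so the property name is matched literally,
        # then require at least one character after the '='.
        pattern="^$(printf '%s' "$prop" | sed 's/\./\\./g')=."
        grep -q "$pattern" "$file" ||
            { echo "FAIL: $prop missing or empty" >&2; return 3; }
    done

    if [ -n "$expected" ]; then
        actual=$(ltpa_sha256 "$file")
        [ "$actual" = "$expected" ] ||
            { echo "FAIL: digest mismatch ($actual)" >&2; return 4; }
    fi
    echo "OK: $file"
}
```

Run `ltpa_sha256 /opt/LTPA/ltpa_key_name` on the Content Engine server after the export, then pass that digest as the second argument to `check_ltpa_keyfile` on the Application Engine server before clicking Import keys.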




Last updated: November 2010


© Copyright IBM Corporation 2010.