To set up LTPA security, you must configure matching settings on both the Content Engine Web application server and the Workplace XT Web application server. If your Workplace XT and Content Engine are on the same WebSphere® Application Server, you do not need to configure LTPA.
Attention: If you already have Application Engine or Workplace XT in your environment, you do not need to create the LTPA settings on the Content Engine. Skip to the step for creating the settings on the Workplace XT server.
Important: In a highly available WebSphere environment where Content Engine and Workplace XT or Application Engine are managed by different deployment managers, perform any LTPA configuration steps on the administrative server only. The scope of this action will affect the entire application server configuration.
To configure LTPA:
- Create the LTPA settings on the Content Engine WebSphere Application Server.
  - On the Content Engine server, log in to the WebSphere administrative console.
  - Navigate to the LTPA settings page:
    - WebSphere Application Server 6.1
      Navigate to . From the right side of the panel, select Authentication Mechanisms and expiration.
    - WebSphere Application Server 7.0
      Navigate to . From the right side of the panel, select LTPA.
  - Enter a value that is larger than the default for the Timeout value for forwarded credentials between servers setting on WebSphere Application Server 6.1 or the LTPA timeout setting on WebSphere Application Server 7.0. For example, if the timeout value is left at the default value of 120 minutes, the LTPA key expires after 2 hours. Users will not be able to log in to Workplace XT after being logged in for 2 hours.
  - Click Generate Keys.
  - Save your changes.
  - In the box for Cross-cell single sign-on, type a password to create the LTPA password.
    For password restrictions, see the WebSphere Application Server documentation. If you have already configured Content Engine for LTPA, use the existing password in the Workplace XT configuration below.
  - Enter the fully qualified path for the Key File Name. For example, /opt/LTPA/ltpa_key_name.
  - Click Export keys.
  - Verify that a message similar to the following message is displayed: The keys were successfully exported to the file ltpa_key_name.
  - Click Import keys.
  - Click OK, then click Save changes directly to the master configuration.
  - Stop and restart WebSphere Application Server.
- Copy the key file from the Content Engine server location you specified above to a directory on the Workplace XT server. For example, /opt/LTPA/ltpa_key_name.
- Create the LTPA settings on the Workplace XT WebSphere Application Server.
  - On the Workplace XT server, log in to the WebSphere administrative console.
  - Navigate to the LTPA settings page:
    - WebSphere Application Server 6.1
      Navigate to . From the right side of the panel, select Authentication Mechanisms and expiration.
    - WebSphere Application Server 7.0
      Navigate to . From the right side of the panel, select LTPA.
  - Enter a value for the LTPA timeout that is larger than the default. For example, if the timeout value is left at the default value of 120 minutes, the LTPA key expires after 2 hours. Users will not be able to log in to Workplace XT after being logged in for 2 hours.
  - Save your changes.
  - In the box for Cross-cell single sign-on, type and confirm the LTPA password you created for Content Engine.
    For password restrictions, see the WebSphere Application Server documentation.
    If you have already configured Content Engine for LTPA, use the existing password in the Workplace XT configuration.
  - Specify the path for the key file that you copied to the Workplace XT server. For example, /opt/LTPA/ltpa_key_name.
  - Click Import keys. Verify that a message similar to the following one is displayed: The keys were successfully imported from the file ltpa_key_name.
  - Save your changes to the master configuration.
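
A check for the key file copy step, as an added example that is not part of the original procedure or of IBM's tooling: it confirms that a key file still holds its three key entries, is not accessible to group or other users, and yields the same fingerprint on both servers. The property names are assumed from WebSphere's exported key file format, which this page does not show, and the permission check assumes a POSIX file system such as the one implied by /opt/LTPA/ltpa_key_name.

```python
import hashlib
import os
import stat

# Entries expected in an exported LTPA key file (Java properties format; assumed, not shown on the page).
REQUIRED = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)

def read_keyfile(path):
    """Parse name=value lines, skipping comments and blank lines."""
    props = {}
    with open(path, encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()  # also drops a CR added by a text-mode transfer
            if not line or line[0] in "#!":
                continue
            name, _, value = line.partition("=")
            props[name.strip()] = value.strip()
    return props

def check_keyfile(path):
    """Return a list of problems with the key file; an empty list means OK."""
    props = read_keyfile(path)
    problems = [f"missing entry: {n}" for n in REQUIRED if not props.get(n)]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        problems.append(f"group/other access allowed: mode {mode:03o}")
    return problems

def fingerprint(path):
    """SHA-256 over the key entries only, so comments and line endings are ignored."""
    props = read_keyfile(path)
    digest = hashlib.sha256()
    for name in REQUIRED:
        digest.update(f"{name}={props.get(name, '')}\n".encode("latin-1"))
    return digest.hexdigest()

if __name__ == "__main__":
    import sys
    path = sys.argv[1]  # for example, the path typed in the Key File Name field
    print(fingerprint(path))
    for problem in check_keyfile(path):
        print("WARNING:", problem)
```

Run it on the Content Engine server against the exported file and on the Workplace XT server against the copy; the two fingerprints should be identical before you click Import keys.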