FileNet P8 Workplace XT, Version 1.1.5
Application server: WebSphere Application Server

Configuring Lightweight Third Party Authentication (LTPA) on WebSphere Application Server

To set up LTPA security, you must configure settings to match on both the Content Engine Web application server and on the Workplace XT Web application server. If your Workplace XT and Content Engine are on the same WebSphere® Application Server, you do not need to configure LTPA.

Attention: If you already have Application Engine or Workplace XT in your environment, you do not need to create the LTPA settings on the Content Engine. Skip to the step for creating the settings on the Workplace XT server.
Important: In a highly available WebSphere environment where Content Engine and Workplace XT or Application Engine are managed by different deployment managers, perform any LTPA configuration steps on the administrative server only. The scope of this action will affect the entire application server configuration.
To configure LTPA:
  1. Create the LTPA settings on the Content Engine WebSphere Application Server.
    1. On the Content Engine server, log in to the WebSphere administrative console.
    2. Navigate to the LTPA settings page:
      WebSphere Application Server 6.1
      Navigate to Security > Secure administration, applications, and infrastructure.

      From the right side of the panel, select Authentication Mechanisms and expiration.

      WebSphere Application Server 7.0
      Navigate to Security > Global security.

      From the right side of the panel, select LTPA.

    3. Enter a value that is larger than the default for the Timeout value for forwarded credentials between servers setting on WebSphere Application Server 6.1 or the LTPA timeout setting on WebSphere Application Server 7.0. For example, if the timeout value is left at the default value of 120 minutes, the LTPA key expires after 2 hours. Users will not be able to log in to Workplace XT after being logged in for 2 hours.
    4. Click Generate Keys.
    5. Save your changes.
    6. In the box for Cross-cell single sign-on, type a password to create the LTPA password.

      For password restrictions, see the WebSphere Application Server documentation. If you have already configured Content Engine for LTPA, use the existing password in the Workplace XT configuration below.

    7. Enter the fully qualified path for the Key File Name. For example, /opt/LTPA/ltpa_key_name.
    8. Click Export keys.
    9. Verify that a message similar to the following message is displayed: The keys were successfully exported to the file ltpa_key_name.
    10. Click Import keys.
    11. Click OK, then click Save changes directly to the master configuration.
    12. Stop and restart WebSphere Application Server.
    13. Copy the key file from the Content Engine server location you specified above to a directory on the Workplace XT server. For example, /opt/LTPA/ltpa_key_name.
  2. Create the LTPA settings on the Workplace XT WebSphere Application Server.
    1. On the Workplace XT server, log in to the WebSphere administrative console.
    2. Navigate to the LTPA settings page:
      WebSphere Application Server 6.1
      Navigate to Security > Secure administration, applications, and infrastructure.

      From the right side of the panel, select Authentication Mechanisms and expiration.

      WebSphere Application Server 7.0
      Navigate to Security > Global security.

      From the right side of the panel, select LTPA.

    3. Enter a value for the LTPA timeout that is larger than the default. For example, if the timeout value is left at the default value of 120 minutes, the LTPA key expires after 2 hours. Users will not be able to log in to Workplace XT after being logged in for 2 hours.
    4. Save your changes.
    5. In the box for Cross-cell single sign-on, type and confirm the LTPA password you created for Content Engine.

      For password restrictions, see the WebSphere Application Server documentation. If you have already configured Content Engine for LTPA, use the existing password in the Workplace XT configuration.

    6. Specify the path for the key file that you copied to the Workplace XT server. For example, /opt/LTPA/ltpa_key_name.
    7. Click Import keys. Verify that a message similar to the following one is displayed: The keys were successfully imported from the file ltpa_key_name.
    8. Save your changes to the master configuration.
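
The exported key file holds the shared LTPA key material, protected only by the cross-cell password, so it is worth checking the file on both servers once it has been copied. The script below is an added example, not part of the IBM procedure or product; it assumes the export is a Java-properties file containing the three property names listed in REQUIRED, and the function names are hypothetical.

```python
import hashlib
import os
import stat
import tempfile

# Assumption: the exported key file is a Java-properties file that carries
# these three entries (property names as written by WebSphere's key export).
REQUIRED = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)


def read_props(path):
    """Parse name=value lines, skipping blank lines and '#' comments."""
    props = {}
    with open(path, encoding="latin-1") as fh:
        for line in map(str.strip, fh):
            if line and not line.startswith("#") and "=" in line:
                name, value = line.split("=", 1)
                props[name.strip()] = value.strip()
    return props


def audit_key_file(path, expected_sha256=None):
    """Return (sha256 hex digest, list of findings) for one key file."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:o} lets group/other users reach the keys")
    props = read_props(path)
    missing = [name for name in REQUIRED if not props.get(name)]
    if missing:
        findings.append("missing entries: " + ", ".join(missing))
    if expected_sha256 and digest != expected_sha256.lower():
        findings.append("digest differs from the file exported on Content Engine")
    return digest, findings


if __name__ == "__main__":
    # Constructed sample, not real key material.
    sample = os.path.join(tempfile.mkdtemp(), "ltpa_key_name")
    with open(sample, "w", encoding="latin-1") as fh:
        fh.write("".join(f"{name}=Q09OU1RSVUNURUQ\\=\n" for name in REQUIRED))
    os.chmod(sample, 0o644)  # deliberately too open, to show a finding
    print(audit_key_file(sample))
```

Run audit_key_file on the Content Engine server after the export to record the digest, then on the Workplace XT server after the copy, passing that digest as expected_sha256.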


Last updated: March 2013

© Copyright IBM Corporation 2013.