LTPAPrivateKey Errors After Enabling Security

Technote (FAQ)
Problem
After enabling security and configuring LDAP as the Authentication Mechanism, the administrative server is restarted, but the following errors appear in the tracefile.

[02.03.21 08:37:59:957 CST] 4be2cc Initializer W SECJ0007E: Error during security initialization
java.lang.NullPointerException
    at com.ibm.ejs.security.ltpa.LTPAPrivateKey.decode(LTPAPrivateKey.java:50)
    at com.ibm.ejs.security.ltpa.LTPAPrivateKey.<init>(LTPAPrivateKey.java:40)
    at com.ibm.ejs.security.ltpa.LTPAServerBean.updateAll(LTPAServerBean.java:106)
    at com.ibm.ejs.security.Initializer.updateActiveLtpaConfig(Initializer.java:392)
    at com.ibm.ejs.security.Initializer.propagateSecurityConfig(Initializer.java:296)
    at com.ibm.ejs.security.Initializer.initialize(Initializer.java:173)
    at com.ibm.ejs.security.Initializer.serverStarted(Initializer.java:129)
    at com.ibm.ws.runtime.Server.fireServerStarted(Server.java:1977)
    at com.ibm.ws.runtime.Server.fireServerStarted(Server.java:1970)
    at
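To pick this failure out of a long tracefile, the following added example (not IBM code and not part of the original technote) returns the SECJ0007E entries whose stack trace passes through LTPAPrivateKey, whether the frames sit on one line or on continuation lines. The header field layout and the message-id pattern are assumptions inferred from the sample entry above; the second and third sample entries are constructed.

```python
import re

# Entry header as in the technote's sample line (field layout is an assumption from it).
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>\S+)\s+(?P<component>\S+)\s+"
    r"(?P<level>\S)\s+(?P<msgid>[A-Z]{4}\d{4}[A-Z]):\s*(?P<text>.*)$")
# "at pkg.Class.method(" ; <init> is the method name used for constructors.
FRAME = re.compile(r"\bat\s+([\w.$]+\.(?:<init>|[\w$]+))\(")
# No leading \b: the message text can run straight into the exception class name.
EXC = re.compile(r"((?:javax|java|com|org)(?:\.[a-z_]\w*)*\.[A-Z]\w*(?:Exception|Error))")
LTPA_KEY_CLASS = "com.ibm.ejs.security.ltpa.LTPAPrivateKey"

# First entry is the technote's (first two frames only); the other two are constructed.
SAMPLE = """\
[02.03.21 08:37:59:957 CST] 4be2cc Initializer W SECJ0007E: Error during security initializationjava.lang.NullPointerException at com.ibm.ejs.security.ltpa.LTPAPrivateKey.decode(LTPAPrivateKey.java:50) at com.ibm.ejs.security.ltpa.LTPAPrivateKey.<init>(LTPAPrivateKey.java:40)
[02.03.21 08:41:12:101 CST] 5a01bc Initializer W SECJ0007E: Error during security initialization
java.lang.NullPointerException
    at com.ibm.ejs.security.ltpa.LTPAPrivateKey.decode(LTPAPrivateKey.java:50)
[02.03.21 08:42:00:000 CST] 5a01bc Initializer W SECJ0007E: Error during security initialization java.lang.IllegalStateException at com.example.Other.run(Other.java:1)
"""


def split_entries(trace_text):
    """Group lines into entries; continuation lines (frames) join the entry above."""
    entries, current = [], None
    for line in trace_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            current = m.groupdict()
            entries.append(current)
        elif current is not None and line.strip():
            current["text"] += " " + line.strip()
    return entries


def find_ltpa_key_failures(trace_text):
    """Return SECJ0007E entries whose stack passes through LTPAPrivateKey."""
    findings = []
    for e in split_entries(trace_text):
        frames = FRAME.findall(e["text"])
        hits = [f for f in frames if f.startswith(LTPA_KEY_CLASS + ".")]
        if e["msgid"] != "SECJ0007E" or not hits:
            continue
        exc = EXC.search(e["text"])
        findings.append({"timestamp": e["ts"], "thread": e["thread"],
                         "exception": exc.group(1) if exc else None,
                         "failing_frame": hits[0]})
    return findings
```

Calling `find_ltpa_key_failures(open(path).read())` on a tracefile gives one dictionary per matching entry; a non-empty result points at the LTPA key problem this technote describes.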
Cause
When LTPA is used for SSO (single sign-on), WebSphere uses session-based authentication. This means that the LTPA token contains the domain name information needed for the user to move from server to server without re-authenticating.

This name is provided to other servers in the domain through the LTPA key file. If you change server names inside the SSO domain, you will have problems unless you regenerate these keys to reflect the change. Examples of changes requiring LTPA key regeneration:
Solution
To resolve this problem, create a new key to be used by WebSphere.

From the Security Center (4.0x) or the Global Security Wizard (3.5x), under the Authentication Tab, press the Generate Keys button. You will be prompted to enter a new password for the new key.

In some cases, such as using Domino with SSO, you may need to export the key and import it into Domino. See technote number 1054556: SSO not working: WebSphere and Domino Server.

Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security
Operating system(s): Multi-Platform
Software version: 3.5, 4.0
Software edition: Advanced, Enterprise
Reference #: 1050607
IBM Group: Software Group
Modified date: 2004-09-06