InfoCenter Home >
6: Administer applications >
6.6: Tools and resources quick reference >
6.6.18: Securing applications >
6.6.18.1: Securing applications >
6.6.18.1.4a.3: Authentication Mechanism settings
of the Configure Global Settings task

6.6.18.1.4a.3: Authentication Mechanism settings
of the Configure Global Settings task

Local Operating System
Specifies that information will be authenticated with the underlying operating system's user registry. Usually, such registries apply basic authentication, checking a user ID and password.

This selection influences the fields displayed on subsequent tabbed pages. If the administrator enables authentication by the Local Operating System, some properties described in this file will not be displayed because they do not apply to that situation.

If using a Windows-based operating system belonging to a domain, see the note about configuring permissions.

Lightweight Third Party Authentication (LTPA)
Specifies that basic or certificate authentication will be used to authenticate the user with an LDAP directory service. If you select LTPA, provide additional information:

  • Token Expiration: Specifies how many minutes can pass before a client using an LTPA token must authenticate again. LTPA uses tokens to store the authenticated status of a client.

    Legal Values:

    • A positive integer indicates the token life, in minutes

  • Generate Keys: Specifies whether the LTPA mechanism should generate a new set of encrypted keys right now. When prompted for a password, supply a string that is used by the underlying key generation mechanism.

    When the administrator selects LTPA as the authentication mechanism, encryption keys are generated automatically. The administrator need not click this button unless he or she would like those initial keys to be replaced by new keys.

  • Import from File: Specifies whether to import a file containing the encryption keys. This allows IBM WebSphere Application Server to share keys from other IBM products that support this functionality.

      If the administrator specified a password when he or she created the key file, the administrator will be prompted for that password when he or she tries to import the key file.

  • Export to File: Specifies whether to export a file containing the encryption keys. This allows IBM WebSphere Application Server to share the keys with other IBM products that support this functionality.

  • Enable Single Sign On: Enabling Single Sign On (SSO) tells LTPA to store extra information in the tokens so that other applications can accept clients as already authenticated by WebSphere Application Server. When clients try to access the other applications, they will not be interrupted and asked to log in.

    • Domain: Restrict SSO to servers in the domain you specify in this field.

    • Limit to SSL connections only Specifies to use a connection with SSL for Single Sign On, to prevent the SSO token from flowing over non-secure connections.

    WebSphere Application Server Version 3.5 introduces support for Single Sign On with Domino Server. WebSphere Application Server can import and export keys and provide a Single Sign On between the WebSphere Application Server and Domino environments.

Go to previous article: User Registry settings of the Configure Global Settings task Go to next article: Application Default settings of the Configure Global Settings task

 

 
Go to previous article: User Registry settings of the Configure Global Settings task Go to next article: Application Default settings of the Configure Global Settings task