Why and when to perform this task
Lightweight Third Party Authentication (LTPA) keys are automatically generated when a password change is detected. The first time that you set the LTPA password, as part of enabling security, the LTPA keys are automatically generated after OK or Apply is clicked in the LTPA panel. You do not have to click Generate Keys in this situation. Complete the following steps in the administrative console to generate a new set of LTPA keys:
Steps for this task
Why and when to perform this task
To support single sign-on (SSO) in WebSphere Application Server across multiple WebSphere Application Server domains or cells, share the LTPA keys and the password among the domains. Make sure that the system time on the domains is similar, so that tokens do not appear as expired when they pass between the cells. You can use Export Keys to export the LTPA keys to other domains or cells. Complete the following steps in the administrative console to export key files for LTPA:
Steps for this task
Why and when to perform this task
To support single sign-on (SSO) in WebSphere Application Server across multiple WebSphere Application Server domains or cells, share the LTPA keys and the password among the domains. You can use Import Keys to import the LTPA keys from other domains. Verify that the key files have been exported into a file from one of the cells involved. Complete the following steps in the administrative console to import key files for LTPA.
After a new set of keys is generated and saved, the generated keys are not used in the configuration until the WebSphere Application Server is restarted. In a Deployment Manager environment, the node agents and application servers must also be recycled to accept the new keys. If any of the node agents are down, run a manual file synchronization utility from the node agent machine to synchronize the security configuration from the deployment manager.
Steps for this task
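
An added example, not part of the original documentation or IBM's own code: a Python check that the key file staged for import on one cell carries the same keys as the file exported from another, reporting only short fingerprints and never the key values. The property names are assumed from the usual layout of an exported key file (this page does not list them), and `parse_properties`, `compare_key_files` and the sample contents are constructed for illustration.

```python
import hashlib
import re

# Property names assumed from the usual layout of an exported LTPA key file;
# this page does not list them, so confirm against your own export.
KEY_PROPS = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)
LINE = re.compile(r"((?:\\.|[^=:\\])*)[=:](.*)")  # key, first unescaped separator, value
UNESC = re.compile(r"\\(.)")                      # '\=' -> '=', '\:' -> ':'

def parse_properties(text):
    """Parse the Java .properties subset a key file uses: '#' or '!' comment
    lines, key=value pairs, and backslash-escaped characters."""
    props = {}
    for line in text.splitlines():
        stripped = line.strip()
        m = LINE.match(stripped)
        if m and stripped[0] not in "#!":
            key, value = (UNESC.sub(r"\1", g).strip() for g in m.groups())
            props[key] = value
    return props

def compare_key_files(text_a, text_b):
    """Return a list of findings; an empty list means both files carry the
    same keys. Only truncated SHA-256 fingerprints are reported."""
    a, b = parse_properties(text_a), parse_properties(text_b)
    findings = []
    for name in KEY_PROPS:
        if name not in a or name not in b:
            findings.append(f"{name}: missing from one file")
        elif a[name] != b[name]:
            fp = [hashlib.sha256(p[name].encode()).hexdigest()[:12] for p in (a, b)]
            findings.append(f"{name}: differs ({fp[0]} vs {fp[1]})")
    return findings

# Constructed sample files with placeholder values, not real key material.
CELL_A = """#constructed sample
com.ibm.websphere.CreationDate=Mon Jan 01 00\\:00\\:00 UTC 2024
com.ibm.websphere.ltpa.3DESKey=QUFBQQ\\=\\=
com.ibm.websphere.ltpa.PrivateKey=QkJCQg\\=\\=
com.ibm.websphere.ltpa.PublicKey=Q0NDQw\\=\\=
"""
CELL_B = CELL_A.replace("QUFBQQ", "WlpaWg")  # second cell still holds a different key

if __name__ == "__main__":
    print("same file:", compare_key_files(CELL_A, CELL_A))
    print("stale cell:", compare_key_files(CELL_A, CELL_B))
```

A non-empty result before the restart described above means the cells would not accept each other's tokens; the key file itself should be handled as secret material while it is in transit between cells.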