Use this page to configure Lightweight Third Party Authentication (LTPA) settings.
To view this administrative console page, click Security > Authentication Mechanisms > LTPA.
If you are configuring security for the first time, only the password is required. After the password is entered, click Apply. Click Single signon (SSO) and enter the domain name. Make sure that SSO is enabled. Click Apply. In the Global Security panel, click Custom Properties. A list of security properties is displayed. Click the control_region_security_enable_trusted_applications property. On the new window, change the Value field from false to true, and click Apply. To complete the security setup, make sure that the appropriate registry is set up and click Apply from the Global Security panel. When security is enabled and any of these properties change, go to the Global Security panel and click Apply to validate the changes.
Configuration tab
When security is turned on for the first time with LTPA as the authentication mechanism, the LTPA keys are automatically generated with the password entered in the panel. If you need a new set of keys to generate using the previously set password, click Generate Keys. If a new password is used, do not click this option. After the new password is entered and OK or Apply is clicked, a new set of keys is generated. A new set of generated keys is not used until you save them.
To support single signon (SSO) in the WebSphere product across multiple WebSphere domains (cells), share the LTPA keys and the password among the domains. You can use the Import Keys option to import the LTPA keys from other domains. The LTPA keys are exported from one of the cells to a file. To import a new set of LTPA keys, enter the appropriate password, click OK and click Save. Then, enter the directory location where the LTPA keys are located prior to clicking Import keys. Do not click OK or Apply, but save the settings.
To support single signon (SSO) in the WebSphere product across multiple WebSphere Application Server domains (cells), share the LTPA keys and the password among the domains. Use the Export Keys option to export the LTPA keys to other domains.
To export the LTPA keys, make sure that the system is running with security enabled and is using LTPA. Enter the file name in the Key File Name field and click Export Keys. The encrypted keys are stored in the specified file.
After the keys are generated or imported, they are used to encrypt and decrypt the LTPA token. Whenever the password is changed, a new set of LTPA keys are automatically generated when you click OK or Apply. This new set of keys is used only when you save.
Data type | String |
Use this password when importing these keys into other WebSphere Application Server administrative domain configurations (if any) and when configuring SSO for a Lotus Domino server.
Data type | String |
Data type | Integer |
Units | Minutes |
Default | 120 |
Enter a fully qualified key file name, and click Import Keys or Export Keys.
Data type | String |