You must configure Lightweight Third Party Authentication
(LTPA) when you set up security for the first time. LTPA is the default
authentication mechanism for WebSphere Application Server.
Procedure
- Open the administrative console. Type http://fully_qualified_host_name:port_number/ibm/console
in a Web browser to access the administrative console. Port 9060 is the default
port number for accessing the administrative console. During installation,
however, you might have specified a different port number. Use the appropriate
port number.
- Click Security > Global security.
- Under Authentication, click Authentication mechanisms > LTPA.
- Enter the password and confirm it in the password fields. This password is
used to encrypt and decrypt the LTPA keys when you export and import the keys.
Remember this password, because you must enter it again when the keys are
exported from this cell and imported into another cell.
- Enter a positive integer value in the Timeout field. This timeout value is
how long an LTPA token is valid, in minutes. The token contains this expiration
time so that any server that receives the token can verify that the token is
still valid before proceeding further. When the token expires, the user is
prompted to log in again. The optimal value for this field depends on your
configuration. The default value is 120 minutes.
- Optional: In the Key
file name field, specify the name of the file that is used when
you import or export keys. You can use this field with
the Import keys and Export keys buttons at the top of the panel.
- Click Apply or OK. The LTPA configuration
is now set. Do not generate the LTPA keys in this step because they
are automatically generated later. Proceed with the rest of the steps
that are required to enable security, and start with single sign-on
(SSO), if it is required.
- Complete the information in the
Global Security panel and click OK. The LTPA keys are generated
automatically the first time. Do not generate the keys manually.
Results
The previous steps configured LTPA.
What to do next
After configuring LTPA, you can also complete the following
tasks:
- Generate key files.
- Export key files.
- Import key files.
- If you are enabling security, you can also enable single sign-on
(SSO). See:
- If you generated a new set of keys or imported a new set of keys, verify
that the keys are saved to the master configuration by clicking Save at the top
of the panel. Because LTPA authentication uses time-sensitive tokens, verify
that the time, date, and time zone are synchronized among all of the product
servers that participate in the protected domain. Changes to the time, date,
and time zone are made independently of WebSphere Application Server. If the
clock skew between servers is too high, an LTPA token appears to have expired
prematurely on the receiving server and causes authentication or validation
failures.
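To show why the Timeout value and synchronized clocks matter, here is a simplified model of the token check described above, added as an illustration only: it is not WebSphere code and does not reproduce the real LTPA token encoding. The shared key, user name, issue time and helper names are constructed for the example.

```python
import base64
import binascii
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed values: a stand-in for the LTPA key a cell exports and imports,
# the page's default Timeout of 120 minutes, and a fixed issue time.
SHARED_KEY = b"constructed-ltpa-shared-secret"
TIMEOUT_MINUTES = 120
ISSUED = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def issue_token(user, issued_at=ISSUED, timeout_minutes=TIMEOUT_MINUTES, key=SHARED_KEY):
    """Issue a token that carries its own expiration time, signed with the shared key."""
    expires = int((issued_at + timedelta(minutes=timeout_minutes)).timestamp())
    payload = f"{user}%{expires}".encode()
    mac = base64.b64encode(hmac.new(key, payload, hashlib.sha256).digest())
    return base64.b64encode(payload + b"%" + mac).decode()


def validate_token(token, receiver_now, key=SHARED_KEY):
    """Check the signature first, then the expiry against the receiving server's
    own clock. Returns (accepted, reason)."""
    try:
        user, expires, mac = base64.b64decode(token).rsplit(b"%", 2)
        expected = hmac.new(key, user + b"%" + expires, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.b64decode(mac)):
            return False, "bad signature"  # keys differ between cells, or tampering
        if int(receiver_now.timestamp()) >= int(expires):
            return False, "expired"
    except (ValueError, binascii.Error):
        return False, "malformed"
    return True, "valid"


def validate_with_skew(elapsed_minutes, skew_minutes, user="alice"):
    """Issue on server A, then validate on server B whose clock runs skew_minutes
    ahead (positive) or behind (negative), elapsed_minutes after issue."""
    token = issue_token(user)
    receiver_now = ISSUED + timedelta(minutes=elapsed_minutes + skew_minutes)
    return validate_token(token, receiver_now)[1]


if __name__ == "__main__":
    print(validate_with_skew(118, 0))    # valid: two minutes of lifetime remain
    print(validate_with_skew(118, 5))    # expired: five minutes of skew consumed them
    print(validate_with_skew(125, -10))  # valid: B is behind, so it accepts what A would reject
```

The second case is the failure the page warns about: the token is still valid on the server that issued it, but a receiving server whose clock runs ahead rejects it as expired.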