Lightweight Third Party Authentication settings

Use this page to configure Lightweight Third Party Authentication (LTPA) settings.

To view this administrative console page, complete the following steps:
  1. Click Security > Global security.
  2. Under Authentication, click Authentication mechanisms > LTPA.
     1. If you are configuring security for the first time, only the password is required. After the password is entered, click Apply.
     2. Under Additional Properties, click Single sign-on (SSO) and enter the domain name. Make sure that SSO is enabled.
     3. Click Apply.

Custom properties: Trusted applications [z/OS]

The control_region_security_enable_trusted_applications property enables WebSphere Application Server to build native credentials without authenticators on behalf of problem-state callers. You can use this property to meet the MVS integrity rules, so that unauthorized callers are not allowed to perform authorized functions. If you are using Lightweight Third Party Authentication (LTPA) with a local operating system registry or System Authorization Facility (SAF) authorization, set this property to true on the Global security panel. To set the property, complete the following steps:
  1. Click Security > Global security, and then click Custom Properties. A list of security properties is displayed.
  2. Click the control_region_security_enable_trusted_applications property.
  3. In the new window, change the Value field from false to true, and click Apply.

Configuration tab

Generate Keys

Specifies whether the server generates new Lightweight Third Party Authentication (LTPA) keys.

When security is turned on for the first time with LTPA as the authentication mechanism, the LTPA keys are automatically generated with the password entered in the panel. If you need a new set of keys generated with the previously set password, click Generate Keys. If you are entering a new password, do not click this option: after you enter the new password and click OK or Apply, a new set of keys is generated automatically. A newly generated set of keys is not used until you save it.

Import Keys

Specifies whether the server imports new LTPA keys.

To support single sign-on (SSO) in the WebSphere Application Server product across multiple WebSphere Application Server domains (cells), share the LTPA keys and the password among the domains. You can use the Import Keys option to import the LTPA keys from other domains; the keys are exported from one of the cells to a file. To import a new set of LTPA keys, enter the appropriate password, click OK, and click Save. Then enter the directory location where the LTPA keys are located before you click Import Keys. Do not click OK or Apply; instead, save the settings.

Note: When importing LTPA keys, the keys must be on the local machine; they cannot be remote.

Export Keys

Specifies whether the server exports LTPA keys.

To support single sign-on (SSO) in the WebSphere product across multiple WebSphere Application Server domains (cells), share the LTPA keys and the password among the domains. Use the Export Keys option to export the LTPA keys to other domains.

To export the LTPA keys, make sure that the system is running with security enabled and is using LTPA. Enter the file name in the Key file name field and click Export Keys. The encrypted keys are stored in the specified file.

Password

Specifies the password that is used to encrypt and decrypt the LTPA keys. Use this password when importing these keys into other WebSphere Application Server administrative domain configurations and when configuring SSO for a Lotus Domino server.

After the keys are generated or imported, they are used to encrypt and decrypt the LTPA token. Whenever the password is changed, a new set of LTPA keys is automatically generated when you click OK or Apply. The new set of keys is used after the configuration changes are saved.

Data type: String

Confirm password

Specifies the confirmed password that is used to encrypt and decrypt the LTPA keys.

Use this password when importing these keys into other WebSphere Application Server administrative domain configurations and when configuring SSO for a Lotus Domino server.

Data type: String

Timeout

Specifies the time period, in minutes, after which an LTPA token expires. Verify that this time period is longer than the cache timeout value that is configured in the Global security panel.

Data type: Integer
Units: Minutes
Default: 120
Minimum: 2
Maximum: 2147483647

Key file name

Specifies the name of the file that is used when importing or exporting keys.

Enter a fully qualified key file name, and click Import Keys or Export Keys.

Data type: String
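The constraints stated above for the Password, Timeout and Key file name fields (matching confirmation, integer range, token timeout longer than the cache timeout, fully qualified and local key file) can be checked before the values are typed into the panel. The following script is an added example, not IBM code: the LtpaSettings class, the check_ltpa_settings function and the cache timeout value are assumptions that model the console fields, and the file-existence check is injectable so the example runs on constructed input.

```python
import os
from dataclasses import dataclass

# Limits quoted on this page for the Timeout field (minutes).
TIMEOUT_MIN = 2
TIMEOUT_MAX = 2147483647


@dataclass
class LtpaSettings:
    """Hypothetical model of the values typed into the LTPA console panel."""
    password: str
    confirm_password: str
    timeout_minutes: int
    key_file_name: str = ""  # only needed for Import Keys / Export Keys


def check_ltpa_settings(cfg, cache_timeout_minutes, importing=False,
                        path_exists=os.path.isfile):
    """Return a list of findings; an empty list means the panel is consistent.

    cache_timeout_minutes is the cache timeout from the Global security panel.
    path_exists is injectable so the check can run against a constructed
    configuration without touching the file system.
    """
    findings = []
    if not cfg.password:
        findings.append("a password is required to encrypt and decrypt the LTPA keys")
    elif cfg.password != cfg.confirm_password:
        findings.append("password and confirm password do not match")
    if (not isinstance(cfg.timeout_minutes, int)
            or not TIMEOUT_MIN <= cfg.timeout_minutes <= TIMEOUT_MAX):
        findings.append(f"timeout must be an integer between {TIMEOUT_MIN} "
                        f"and {TIMEOUT_MAX} minutes")
    elif cfg.timeout_minutes <= cache_timeout_minutes:
        findings.append(f"LTPA token timeout ({cfg.timeout_minutes} min) must be "
                        f"longer than the cache timeout ({cache_timeout_minutes} min)")
    if cfg.key_file_name:
        if not os.path.isabs(cfg.key_file_name):
            findings.append("key file name must be fully qualified")
        elif importing and not path_exists(cfg.key_file_name):
            findings.append("imported LTPA keys must already be on the local machine")
    return findings


if __name__ == "__main__":
    # Constructed sample: password typo, timeout below the minimum, relative path.
    sample = LtpaSettings("ltpa-pass", "ltpa-pas", 1, "cell1-ltpa.keys")
    for finding in check_ltpa_settings(sample, cache_timeout_minutes=10, importing=True):
        print("finding:", finding)
```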

Related tasks
Configuring the Lightweight Third Party Authentication mechanism

Last updated: Aug 29, 2010 10:43:27 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v602web&product=was-nd-mp&topic=usecrltpa
File name: usec_rltpa.html