WebSphere Application Server Version 6.1 Feature Pack for Web Services
Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

Importing Lightweight Third Party Authentication keys

To support single sign-on (SSO) in WebSphere Application Server across multiple WebSphere Application Server domains or cells, you must share the LTPA keys and the password among the domains. You can import LTPA keys from other domains and export keys to other domains.

Before you begin

After you export LTPA keys from one cell, you must import these keys into another cell. To import keys, you must know the password for the exported key file to access the LTPA keys. Verify that key files are exported from one of the cells into a file.

About this task

Complete the following steps in the administrative console to import key files for LTPA.

Procedure

  1. Access the administrative console for the cell that will receive the imported keys by typing http://server_name:port_number/ibm/console in a Web browser.
  2. Click Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.
  3. In the Password and Confirm password fields, enter the password that is used to decrypt the LTPA keys. This password must match the password that was used in the cell from which you are importing the keys.
  4. In the Fully qualified key file name field, specify the fully qualified path to the location where the signer keys reside. You must have write permission to this file.
  5. Click Import keys to import the keys to the location that you specified in the Fully qualified key file name field.
  6. Click OK and Save to save the changes to the master configuration. It is important to save the new set of keys to match the new password so that no problems are encountered when starting the servers later.
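A pre-import check that can be run against the exported key file before step 5, shown as an added example that is not part of the IBM documentation. It assumes the key file is a Java properties file carrying the property names listed in `REQUIRED` (compare them with a file exported from your own cell); the group/other permission check is an added hygiene check, not a requirement stated on this page, and `make_sample` builds a constructed file with placeholder values.

```python
import os
import stat
import tempfile

# Property names assumed from the usual layout of an exported LTPA key file
# (a Java properties file); compare with a file exported from your own cell.
REQUIRED = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
    "com.ibm.websphere.ltpa.Realm",
)

def read_properties(path):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            line = line.strip()
            if not line or line[0] in "#!":
                continue
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def preflight(path):
    """Return a list of problems; an empty list means the file looks importable."""
    if not os.path.isfile(path):
        return ["key file not found: " + path]
    problems = []
    if not os.access(path, os.W_OK):
        problems.append("no write permission on key file")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("hygiene: key file open to group/other: %o" % mode)
    props = read_properties(path)
    for name in REQUIRED:
        if not props.get(name):
            problems.append("missing or empty property: " + name)
    return problems

def make_sample():
    """Constructed sample file with placeholder values, not real key material."""
    with tempfile.NamedTemporaryFile("w", suffix=".keys", delete=False) as fh:
        for name in REQUIRED[:3]:
            fh.write(name + "=PLACEHOLDER\n")
    os.chmod(fh.name, 0o644)
    return fh.name
```

Call `preflight()` with the same path that you enter in the Fully qualified key file name field; the sample file is reported for its permissive mode and its missing realm property.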

What to do next

After a new set of keys is generated and saved, the generated keys are not used in the configuration until WebSphere Application Server is restarted.

You must recycle the node agents and application servers to accept the new keys. If any of the node agents are down, run a manual file synchronization utility from the node agent machine to synchronize the security configuration from the deployment manager.

Important: After you enter the password in the Password and Confirm password fields and click Save, the password is not redisplayed on the administrative console panel.




Last updated: Nov 25, 2008 2:35:59 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.wsfep.multiplatform.doc/info/ae/ae/tsec_altpaimp.html