You can disable the automatic generation of new Lightweight Third
Party Authentication (LTPA) keys for key sets that are members of a key set
group. Automatic generation creates new keys on a schedule that you specify
when you configure a key set group, which manages one or more key sets. WebSphere® Application
Server uses key set groups to automatically generate cryptographic keys or
multiple synchronized key sets.
Before you begin
You must know the name of the key set group and the management scope
where the key set group is defined.
The
default key set group is CellLTPAKeySetGroup.
About this task
LTPA keys are used to encrypt the LTPA token.
Note: You might want
to disable the automatic generation of these keys so that you can generate
them on a schedule. You should definitely disable automatic key generation
if you disable node automatic synchronization. This disabling eventually
causes the LTPA keys to fall out of synchronization between the
deployment manager and the node agents. Also, you should disable automatic
key generation if you import or export LTPA keys to or from another cell.
The automatic generation of LTPA keys changes keys over time and causes
the cells to fall out of synchronization.
The following steps are
needed to complete this task in the administrative console.
Procedure
- Click Security > SSL certificate and key management >
Manage endpoint security configurations.
- Expand the tree to the inbound or outbound management scope that
contains the key set group, and then click the scope link.
- Under Related Items, click Key Set Groups.
- Click the key set group that you want to disable.
- Clear the Automatically generate keys option.
- Click OK and Save to save the changes to the master
configuration.
- Start the server again for the changes to become active.
Results
You have disabled the automatic generation of LTPA keys for the key
sets in the key set group.
Tip: You can generate keys manually
at any time by completing the following steps:
- Open the key set group collection.
- Select the check box beside the key set group.
- Click Generate keys.