To support single sign-on (SSO) in WebSphere® Application Server across multiple WebSphere Application Server domains or cells, you must share the Lightweight Third Party Authentication (LTPA) keys and the password among the domains.
Before you begin
Make sure that the clocks in the domains are synchronized, so that a token issued in one cell is not mistakenly interpreted as expired in another.
About this task
Complete the following steps in the administrative console to export the LTPA key file so that the keys can be shared across domains:
Procedure
- Type http://server_name:port_number/ibm/console in a Web browser to access the administrative console.
- Click Security > Global security > Authentication mechanisms and expiration.
- Click LTPA.
- In the Password and Confirm password fields, enter the password that is used to encrypt the LTPA keys. Remember this password; you need it when you import the keys into the other cell.
- In the Fully qualified key file name field, specify the fully qualified path to the location where you want the exported LTPA keys to reside. You must have write permission to this file.
- Click Export keys to export the keys to the location that you specified in the Fully qualified key file name field.
- Specify the Internal server ID that is used for interprocess communication between servers. The server ID is protected with an LTPA token when it is sent remotely. You can edit the internal server ID so that it is identical across multiple application server administrative domains (cells). By default, this ID is the cell name.
- Click OK and Save.
Results
You can share LTPA keys and passwords among domains on WebSphere Application Server.
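The same export, together with the matching import in the second cell, as a wsadmin Jython script. This is an added example, not code from the IBM documentation; it assumes the wsadmin AdminTask commands exportLTPAKeys and importLTPAKeys with the -ltpaKeyFile and -password parameters, and that the key-file password is kept in a file that only the WebSphere administrator can read:

```jython
# Added example (not from the IBM documentation). Run in each cell as:
#   wsadmin.sh -lang jython -f ltpa_share.py export /secure/ltpa.key /secure/ltpa.pw
#   wsadmin.sh -lang jython -f ltpa_share.py import /secure/ltpa.key /secure/ltpa.pw
# Assumption: AdminTask.exportLTPAKeys / importLTPAKeys accept -ltpaKeyFile and -password.
import sys

def read_password(path):
    # The password that encrypts the exported keys is read from a file instead of
    # being typed on the command line, so it never appears in shell history or
    # in the process list. Use the same file content in both cells.
    f = open(path)
    try:
        return f.read().strip()
    finally:
        f.close()

def export_ltpa(key_file, password):
    # Equivalent of the console's "Export keys" step: the LTPA keys are written,
    # encrypted with the password, to key_file (you need write permission to it).
    AdminTask.exportLTPAKeys('[-ltpaKeyFile file:%s -password %s]' % (key_file, password))
    AdminConfig.save()          # the console's "Save" step

def import_ltpa(key_file, password):
    # Run this in the other cell's wsadmin session, using the same password
    # that was entered in the Password and Confirm password fields on export.
    AdminTask.importLTPAKeys('[-ltpaKeyFile file:%s -password %s]' % (key_file, password))
    AdminConfig.save()

# In wsadmin, sys.argv holds only the arguments after the script name.
if len(sys.argv) != 3 or sys.argv[0] not in ('export', 'import'):
    print 'usage: ltpa_share.py export|import <key file> <password file>'
    sys.exit(1)

action, key_file, pw_file = sys.argv[0], sys.argv[1], sys.argv[2]
password = read_password(pw_file)
if action == 'export':
    export_ltpa(key_file, password)
    print 'LTPA keys exported to %s; copy the file to the other cell securely' % key_file
else:
    import_ltpa(key_file, password)
    print 'LTPA keys imported from %s; restart the servers in this cell' % key_file
```

The exported file contains the cell's LTPA signing keys, so restrict its file permissions and remove it once the import in the other cell has succeeded.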