To support single sign-on (SSO) in WebSphere® Application Server across multiple WebSphere Application Server domains or cells, you must share the LTPA keys and the password among the domains. You can import LTPA keys from other domains and export keys to other domains.
Before you begin
After you export LTPA keys from one cell, you must import these keys into another cell. If the other cell is on a separate system, you must FTP the key file in binary format. To import keys, you must know the password for the exported key file to access the LTPA keys.
Verify that key files are exported from one of the cells into a file.
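As an added example (not part of the IBM procedure), a pre-import check of the transferred key file: it compares the copy's SHA-256 with the hash taken on the exporting system, confirms that the key properties are present, and flags a file mode that exposes the keys to other users. The property names and the sample content are assumptions constructed for illustration; this page does not list them.

```python
import hashlib
import os
import stat
import tempfile

# Property names assumed for the exported key file; this page does not list them.
REQUIRED_PROPS = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)

# Constructed sample content, not real key material.
SAMPLE = (b"#constructed sample\n"
          b"com.ibm.websphere.ltpa.3DESKey=AAAA\n"
          b"com.ibm.websphere.ltpa.PrivateKey=BBBB\n"
          b"com.ibm.websphere.ltpa.PublicKey=CCCC\n")

def check_key_file(path, expected_sha256):
    """Return a list of problems; an empty list means the copy looks usable."""
    problems = []
    with open(path, "rb") as handle:
        data = handle.read()
    # Any byte changed in transit (for example by an ASCII-mode transfer) changes the hash.
    if hashlib.sha256(data).hexdigest() != expected_sha256.lower():
        problems.append("hash mismatch: copy differs from the exported file")
    names = set()
    for line in data.decode("latin-1").splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            names.add(line.split("=", 1)[0].strip())
    for prop in REQUIRED_PROPS:
        if prop not in names:
            problems.append("missing property: " + prop)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %o lets group or other users access the key file" % mode)
    return problems

def demo():
    """Check an intact copy and a line-ending-converted copy of SAMPLE."""
    results = []
    for content in (SAMPLE, SAMPLE.replace(b"\n", b"\r\n")):
        fd, path = tempfile.mkstemp()  # mkstemp creates the file with mode 0600
        with os.fdopen(fd, "wb") as handle:
            handle.write(content)
        results.append(check_key_file(path, hashlib.sha256(SAMPLE).hexdigest()))
        os.remove(path)
    return results

if __name__ == "__main__":
    print(demo())
```

Take the expected hash on the exporting system and carry it to the receiving system separately from the key file.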
About this task
Complete the following steps in the administrative console to import key files for LTPA.
Procedure
- Access the administrative console for the cell that will receive the imported keys by typing http://server_name:port_number/ibm/console in a web browser.
- Click Security > Global security > Authentication mechanisms and expiration.
- Click LTPA.
- In the Password and Confirm password fields, enter the password that is used to decrypt the LTPA keys. This password must match the password that was used in the cell from which you are importing the keys.
- In the Fully qualified key file name field, specify the fully qualified path to the location where the signer keys reside. You must have write permission to this file.
- Click Import keys to import the keys to the location that you specified in the Fully qualified key file name field.
- Click OK and Save to save the changes to the master configuration. It is important to save the new set of keys to match the new password so that no problems are encountered when starting the servers later.
What to do next
After a new set of keys is generated and saved, the generated keys are not used in the configuration until WebSphere Application Server is restarted.
Important: After you enter the password in the Password and Confirm password fields and click Save, the password is not redisplayed on the administrative console panel.