Exporting Lightweight Third Party Authentication keys

To support single sign-on (SSO) in WebSphere Application Server across multiple WebSphere Application Server domains or cells, share the Lightweight Third Party Authentication (LTPA) keys and the password among the domains. Verify the time in the domains is similar so that you do not mistakenly interpret the tokens as expired between the cells.

Overview

Complete the following steps in the administrative console to export key files for LTPA so that they can be shared across domains:

Procedure

1. Type http://server_name:port_number/ibm/console in a Web browser to access the administrative console.

2. Click Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.

3. In the Password and Confirm password fields, enter the password that is used to encrypt the LTPA keys. Remember the password so used to it later when the keys are imported into the other cell.

4. In the Fully qualified key file name field, specify the fully qualified path to the location where you want the exported LTPA keys to reside. You must have write permission to this file.

5. Click Export keys to export the keys to the location that you specified in the Fully qualified key file name field.

6. Specify the Internal server ID that is used for interprocess communication between servers. The server ID is protected with an LTPA token when sent remotely. You can edit the internal server ID to make it identical to server IDs across multiple application server administrative domains (cells). By default this ID is the cell name.

7. Click OK and Save.

Results

What to do next

Related tasks