Operating Systems: i5/OS
Configure the Lightweight Third Party Authentication mechanism
You must configure Lightweight Third Party Authentication (LTPA)
when you set up security for the first time. LTPA is the default authentication
mechanism for WebSphere Application Server.
Procedure
- Open the administrative console.
Type http://server_name:port_number/ibm/console to
access the administrative console in a Web browser.
Port 9060 is the
default port number for accessing the administrative console. During installation,
however, you might have specified a different port number. Use the appropriate
port number.
- Click Security > Secure administration, applications,
and infrastructure > Authentication mechanisms and expiration.
- Select the appropriate group from the Key set
group field that contains your public, private, and shared LTPA keys.
These keys are used to sign and encrypt the LTPA tokens and other data that
is sent between servers, so every server that must accept tokens issued by
another server has to hold the same keys; this is why keys are exported from
and imported into other cells. You can access these key set group configurations
using the Key set group link. In the Key set group configuration, you can
indicate whether to automatically generate new keys and when to generate them.
- Enter a positive integer value in the Authentication
cache timeout field. This timeout value is how long, in minutes,
an LTPA token is valid. The token carries this expiration time
so that any server that receives the token can verify that the token is still valid
before proceeding further. When the token expires, the user must log in again.
An optimal value for this field depends on your configuration: a shorter lifetime
limits how long a stolen or replayed token remains usable, but forces users to
re-authenticate more often. The default value is 10 minutes.
- Enter a positive integer in the Timeout value for forwarded
credentials between servers field. This value refers to how
long the server credentials from another server are valid before they expire.
The default value is 120 minutes. The value in the Timeout value for forwarded
credentials between servers field must be greater than the value in the Authentication
cache timeout field.
- Click Apply or OK. The LTPA configuration is now
set. Do not generate the LTPA keys in this step because they are automatically
generated later. Proceed with the rest of the steps that are required to enable
security, and start with single sign-on (SSO), if it is required.
- Complete the information in the Security > Secure
administration, applications, and infrastructure panel and click OK.
The LTPA keys are generated automatically the first time. Do not generate
the keys manually.
Results
The previous steps configured LTPA.
What to do next
After configuring LTPA, you can also complete the following tasks:
- Generate key files. For more information, see Generating Lightweight Third Party Authentication keys.
- Export key files. For more information, see Exporting Lightweight Third Party Authentication keys.
- Import key files. For more information, see Importing Lightweight Third Party Authentication keys.
- Manage LTPA keys from multiple cells. For more information,
see Managing LTPA keys from multiple WebSphere Application Server cells.
- If you are enabling security, you can also enable single sign-on (SSO).
See:
- If you generated a new set of keys or imported a new set of keys, verify
that the keys are saved to the master configuration by clicking Save at
the top of the panel. Because LTPA authentication uses time-sensitive tokens,
verify that the time, date, and time zone are synchronized among all of the
product servers that are participating in the protected domain. Changes to
the time, date, and time zone are done independently from WebSphere Application
Server. If the clock skew between servers is too high, a server whose clock runs
ahead treats the LTPA token as already expired and causes authentication or
validation failures, while a server whose clock lags accepts the token for longer
than the configured timeout intended.
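The two properties this procedure relies on, an expiry embedded in the token that each receiving server checks against its own clock (step 4 above) and a key shared by every server in the protected domain (the key set group, and the clock-skew warning just above), can be simulated. The following is an added illustration, not WebSphere code and not the real LTPA token format: the token layout, the HMAC-SHA256 construction, the shared key value, the fixed epoch and the user names are all constructed for the example.

```python
import hashlib
import hmac

# Added illustration only. This is NOT the real LTPA token format or any
# WebSphere API. It models two properties the procedure depends on: every
# server in the protected domain holds the same shared key (the key set
# group), and the token carries its own absolute expiry so that any
# receiving server can check it locally against its own clock.

SHARED_KEY = b"constructed-shared-key-for-illustration"  # assumption: identical on all servers
ISSUE_TIME = 1_700_000_000  # constructed fixed epoch so the simulation is deterministic


def mint_token(user, issued_at, lifetime_minutes, key=SHARED_KEY):
    """Issuing server: bind the user to an absolute expiry, then MAC both with the shared key."""
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    expires = int(issued_at) + lifetime_minutes * 60
    body = f"{user}|{expires}"
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"


def validate_token(token, now, key=SHARED_KEY):
    """Receiving server: verify the MAC before trusting any field, then compare
    the embedded expiry with this server's own clock."""
    parts = token.split("|")
    if len(parts) != 3 or not parts[1].isdigit():
        return None, "malformed"
    user, expires_s, mac = parts
    expected = hmac.new(key, f"{user}|{expires_s}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        # Either the token was tampered with, or this server does not hold the issuer's key.
        return None, "bad signature"
    if int(now) >= int(expires_s):
        return None, "expired"
    return user, "ok"


def simulate(receiver_skew_seconds, lifetime_minutes=10, elapsed_seconds=30):
    """Token minted on server A, validated on server B 30 s later. B's clock is
    off from A's by receiver_skew_seconds (positive means B runs ahead)."""
    token = mint_token("alice", ISSUE_TIME, lifetime_minutes)
    receiver_now = ISSUE_TIME + elapsed_seconds + receiver_skew_seconds
    return validate_token(token, receiver_now)


def simulate_tamper():
    """An attacker rewrites the user field of a valid token; the MAC no longer matches."""
    token = mint_token("alice", ISSUE_TIME, 10)
    _user, expires, mac = token.split("|")
    return validate_token(f"admin|{expires}|{mac}", ISSUE_TIME + 30)


def simulate_unshared_key():
    """A server that never imported the issuer's keys (or rotated to new ones) cannot validate the token."""
    token = mint_token("alice", ISSUE_TIME, 10)
    return validate_token(token, ISSUE_TIME + 30, key=b"constructed-different-key-on-server-c")


if __name__ == "__main__":
    print("synchronized clocks:   ", simulate(0))
    print("receiver 11 min ahead: ", simulate(11 * 60))
    print("receiver 11 min behind:", simulate(-11 * 60))
    print("tampered user field:   ", simulate_tamper())
    print("key not shared:        ", simulate_unshared_key())
```

With synchronized clocks the 10-minute token validates 30 seconds after issue; a receiver whose clock runs 11 minutes ahead rejects the same token as expired even though the issuer considers it fresh, which is the failure mode the paragraph above describes. A receiver running 11 minutes behind still accepts it, so the token lives longer than the configured timeout. The tampered and unshared-key cases fail on the MAC check before the expiry is ever consulted, which is why the keys must be the same on every server and why a new set must be saved to the master configuration and distributed before it is relied on.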
Authentication mechanisms and expiration
Generating Lightweight Third Party Authentication keys
Exporting Lightweight Third Party Authentication keys
Importing Lightweight Third Party Authentication keys
Disabling automatic generation of Lightweight Third Party Authentication keys
Managing LTPA keys from multiple WebSphere Application Server cells
Activating Lightweight Third Party Authentication key versions
Related concepts
User registries and repositories
Single sign-on
Trust associations
Lightweight Third Party Authentication key sets and key set groups
Related tasks
Enabling security