Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Select an authentication mechanism > Configure LTPA and working with keys > 3. Import and export keys.


Import Lightweight Third Party Authentication keys

To support single sign-on (SSO) in WAS across multiple WAS domains or cells, share the LTPA keys and the password among the domains. We can import LTPA keys from other domains and export keys to other domains. After you export LTPA keys from one cell, import these keys into another cell. If the other cell is on a separate system, FTP the key file in binary format.

To import keys, know the password for the exported key file to access the LTPA keys. Verify that key files are exported from one of the cells into a file.

Complete the following steps in the admin console to import key files for LTPA.


Procedure

  1. Access the admin console for the cell that will receive the imported keys by typing http://server_name

    port_number/ibm/console in a web browser.

  2. Click Security > Global security > Authentication mechanisms and expiration.

  3. Click LTPA.

  4. In the Password and Confirm password fields, enter the password used to decrypt the LTPA keys . This password must match the password that was used in the cell from which you are importing the keys.

  5. In the Fully qualified key file name field, specify the fully qualified path to the location where the signer keys reside. We must have write permission to this file.

  6. Click Import keys to import the keys to the location specified in the Fully qualified key file name field.

  7. Click OK and Save to save the changes to the master configuration. It is important to save the new set of keys to match the new password so that no problems are encountered when starting the servers later.


What to do next

After a new set of keys is generated and saved, the generated keys are not used in the configuration until WAS is restarted.

We must recycle the node agents and application servers to accept the new keys. If any of the node agents are down, run a manual file synchronization utility from the node agent machine to synchronize the security configuration from the dmgr.

After you enter the password in the Password and Confirm password fields and click Save, the password is not redisplayed on the admin console panel.
Lightweight Third Party Authentication key sets and key set groups
Generate Lightweight Third Party Authentication keys
Export Lightweight Third Party Authentication keys
Disable automatic generation of Lightweight Third Party Authentication keys
Change the number of active LTPA keys

+

Search Tips   |   Advanced Search