
Disable automatic generation of LTPA keys

You can disable the automatic generation of new Lightweight Third Party Authentication (LTPA) keys for key sets that are members of a key set group. Automatic generation creates new keys on a schedule that you specify when you configure a key set group, which manages one or more key sets. WebSphere Application Server uses key set groups to automatically generate cryptographic keys or multiple synchronized key sets.

You must know the name of the key set group and the management scope where the key set group is defined.

The default key set group that is created to manage LTPA keys is NodeLTPAKeySetGroup.

LTPA keys are used to encrypt the LTPA token.

You might want to disable the automatic generation of these keys so that you can generate them on a schedule. You should definitely disable automatic key generation if you disable node automatic synchronization: with node synchronization disabled, automatically generated keys eventually cause the LTPA keys to fall out of synchronization between the deployment manager and the node agents. You should also disable automatic key generation if you import or export LTPA keys to or from another cell, because the automatic generation of LTPA keys changes keys over time and causes the cells to fall out of synchronization.

Complete the following steps in the deployment manager (dmgr) console.

  1. Click Security > SSL certificate and key management > Manage endpoint security configurations.

  2. Expand the tree to the inbound or outbound management scope containing the key set group, and then click the scope link.

  3. Under Related Items, click Key Set Groups.

  4. Click the key set group to disable.
  5. Clear the Automatically generate keys option.

  6. Click OK and Save to save the changes to the master configuration.
  7. Start the server again for the changes to become active.


Results

You have disabled the automatic generation of LTPA keys for the key sets in the key set group.

You can generate keys manually at any time by completing the following steps:

  1. Open the key set group collection.

  2. Select the check box beside the key set group.

  3. Click Generate keys.
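
The console procedure for disabling automatic generation and the manual Generate keys steps can also be scripted with wsadmin. The following is an added example, not part of the original page or of the product documentation; it assumes the wsadmin `AdminTask` commands `modifyKeySetGroup`, `getKeySetGroup` and `generateKeyForKeySetGroup`, and the scope name and helper function names are placeholders chosen for illustration.

```python
# Added example: wsadmin (Jython) form of the console steps on this page.
# Run against the dmgr:  wsadmin -lang jython -f disable_ltpa_autogen.py
# Written without print statements or True/False so that it also parses on
# older Jython levels used by wsadmin.
import sys

GROUP = "NodeLTPAKeySetGroup"                    # default LTPA group named on this page
SCOPE = "(cell):ExampleCell:(node):ExampleNode"  # constructed placeholder scope


def checked(name):
    """Reject values that would break the bracketed wsadmin option string."""
    if not name:
        raise ValueError("empty name")
    for ch in " \t[]":
        if name.find(ch) >= 0:
            raise ValueError("unsupported character in %r" % name)
    return name


def group_args(group, scope, extra):
    """Build the option string shared by the key set group commands."""
    return "[-keySetGroupName %s -scopeName %s%s]" % (
        checked(group), checked(scope), extra)


def disable_auto_generate(task, config, group, scope):
    """Clear 'Automatically generate keys', save, and return the group settings."""
    task.modifyKeySetGroup(group_args(group, scope, " -autoGenerate false"))
    config.save()  # master configuration; the server restart is still required
    return task.getKeySetGroup(group_args(group, scope, ""))


def generate_keys_now(task, config, group, scope):
    """Manual generation, as with the Generate keys button."""
    task.generateKeyForKeySetGroup(group_args(group, scope, ""))
    config.save()


try:
    _admin = (AdminTask, AdminConfig)  # these objects exist only inside wsadmin
except NameError:
    _admin = None
if _admin is not None:
    settings = disable_auto_generate(_admin[0], _admin[1], GROUP, SCOPE)
    sys.stdout.write("Key set group settings: %s\n" % settings)
```

Review the settings that are written out to confirm that automatic generation is off for the group, and call `generate_keys_now` only when you want new keys.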


Related concepts:

LTPA key sets and key set groups


Related


Generate LTPA keys

