If you use more than one server in your environment and single sign-on is required, all of the WAS servers must share the same LTPA keys, because a server can validate an LTPA token only if it holds the keys that created it.
About this task
WAS uses the LTPA keys to digitally sign LTPA tokens, so a token signed by one server is accepted by another only if both hold the same keys. Cross-cell single sign-on also requires that both cells use the same user registry realm; sharing the keys alone is not sufficient.
Procedure
1. Log in to the admin console of the local instance.
2. Click Security > Secure administration, applications, and infrastructure.
3. Under Authentication, click Authentication mechanisms and expiration.
4. In the Cross-cell single sign-on section, provide the following:
   - A password in the Password and Confirm Password fields. This password encrypts and decrypts the LTPA keys contained in an exported or imported properties file. Choose a strong password: anyone who obtains both the file and the password holds the keys that sign your single sign-on tokens.
   - A fully qualified key file name. The value must be the full path of the properties file that the LTPA keys are exported to, for example /opt/IBM/MDM/mdmkeys.properties.
5. Click Export keys to export the LTPA keys to the fully qualified key file name.
6. Copy the mdmkeys.properties file to the remote server. The file contains the private signing key, so transfer it over an encrypted channel (for example scp or sftp), restrict its permissions to the administrator that performs the import, and delete it from both hosts once the import is complete.
7. Log in to the admin console of the remote instance and repeat Step 2 and Step 3.
8. Provide the fully qualified key file name and the password of the LTPA keys.
9. Click Import keys to import the LTPA keys from the fully qualified key file name, then save the change to the master configuration.
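The following script is an added example and is not part of this procedure or of IBM's tooling. It performs the checks an administrator would want around steps 5 to 9: that the exported file actually contains the key entries, that the copy on the remote host is byte-identical to the original, that the file is not world-readable, and, after a second export from the remote instance, that both servers now hold the same public key and realm. The entry names `com.ibm.websphere.ltpa.*` follow the usual layout of a WAS LTPA key export and are an assumption here; the sample file contents are constructed, with placeholder key material.

```python
"""Sanity checks for an exported WAS LTPA key file (added example, not IBM code).

Assumptions (not stated in the procedure above): the export is a Java .properties
file whose entries are named com.ibm.websphere.ltpa.*; the public key and realm
are stored in the clear while the 3DES key and private key are encrypted with
the export password.
"""
import hashlib
import os
import stat
import sys

REQUIRED_KEYS = (
    "com.ibm.websphere.ltpa.3DESKey",     # shared-secret key, password-encrypted
    "com.ibm.websphere.ltpa.PrivateKey",  # token signing key, password-encrypted
    "com.ibm.websphere.ltpa.PublicKey",   # token verification key, in the clear
    "com.ibm.websphere.ltpa.Realm",       # must match on every cell sharing SSO
)

# Entries that are safe to compare across exports: their values do not depend
# on the export password, unlike the encrypted 3DESKey and PrivateKey.
CLEARTEXT_KEYS = ("com.ibm.websphere.ltpa.PublicKey", "com.ibm.websphere.ltpa.Realm")


def parse_properties(text):
    """Minimal Java .properties parser: '#' / '!' comment lines, key=value or
    key:value (earliest separator wins), and backslash line continuations."""
    props = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending = line[:-1]          # continued on the next line
            continue
        seps = [i for i in (line.find("="), line.find(":")) if i >= 0]
        if not seps:
            continue
        i = min(seps)
        props[line[:i].strip()] = line[i + 1:].strip()
    return props


def check_export(text):
    """Return the required entries that are missing or empty in an export."""
    props = parse_properties(text)
    return [k for k in REQUIRED_KEYS if not props.get(k)]


def sso_material_matches(export_a, export_b):
    """True when two exports (e.g. from the local and the remote instance after
    the import) carry the same public key and realm, i.e. each server will
    validate tokens the other signed."""
    a, b = parse_properties(export_a), parse_properties(export_b)
    return all(a.get(k) is not None and a.get(k) == b.get(k) for k in CLEARTEXT_KEYS)


def sha256_hex(data):
    """Digest to compare the original and the copied key file."""
    return hashlib.sha256(data).hexdigest()


def mode_is_private(mode):
    """True when a file mode grants nothing to group or others (0600 or stricter)."""
    return stat.S_IMODE(mode) & 0o077 == 0


def file_is_private(path):
    return mode_is_private(os.stat(path).st_mode)


# Constructed sample of an export; the base64 values are placeholders, not keys.
SAMPLE_EXPORT = """\
#IBM WebSphere Application Server key file
#Mon Jan 01 00:00:00 UTC 2024
com.ibm.websphere.CreationDate=Mon Jan 01 00\\:00\\:00 UTC 2024
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=
com.ibm.websphere.CreationHost=mdmserver1
com.ibm.websphere.ltpa.PrivateKey=cHJpdmF0ZS1rZXktY2lwaGVydGV4dC1wbGFjZWhvbGRlcg==
com.ibm.websphere.ltpa.PublicKey=cHVibGljLWtleS1wbGFjZWhvbGRlcg==
com.ibm.websphere.ltpa.Realm=defaultWIMFileBasedRealm
"""

if __name__ == "__main__":
    # Usage: python ltpa_check.py local_export.properties [remote_export.properties]
    paths = sys.argv[1:] or []
    texts = []
    for p in paths:
        with open(p, "rb") as fh:
            data = fh.read()
        texts.append(data.decode("latin-1"))
        print(p, "sha256", sha256_hex(data), "private" if file_is_private(p) else "TOO OPEN",
              "missing:", check_export(texts[-1]) or "none")
    if len(texts) == 2:
        print("same SSO key material:", sso_material_matches(*texts))
```

Run it against the export on the local host and again against the copy on the remote host; the digests must match before you import. After the import, export once more from the remote instance (step 5 there) and pass both files to confirm the public key and realm now agree.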