Configuring LTPA in Liberty
You can configure a Liberty server to use a specific Lightweight Third Party Authentication (LTPA) keys file, user-defined password, and expiration time.
In version 20.0.0.5 and later, see the documentation for specifying the Lightweight Third Party Authentication (LTPA) keys on the Open Liberty website.
About this task
LTPA is configured by default when security is enabled for a Liberty server for the first time. The default location of the automatically generated LTPA keys file is ${server.output.dir}/resources/security/ltpa.keys. The LTPA keys are encrypted with a randomly generated key, and a default password of WebAS is initially used to protect the keys. The password is required when importing the LTPA keys into another server. To protect the security of the LTPA keys, you must change the password. When the LTPA keys are exchanged between servers, this password must match across the servers for single sign-on (SSO) to work.
The default expiration timeout is 120 minutes. The expiration value refers to how long the LTPA tokens are valid before they expire.
To enable dynamic reloading of the LTPA keys when copying an LTPA keys file from another server, you can specify a file monitor interval before copying the LTPA keys file. The monitor interval value refers to how often the LTPA keys file is monitored for updates.
For more information about LTPA, see LTPA concept in Liberty.
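The following audit script is an added example, not part of the IBM documentation. It checks a server.xml for the defaults described above: the WebAS keys password, an unset monitor interval, and the expiration value. It assumes the ltpa element's keysFileName, keysPassword, expiration and monitorInterval attributes and Liberty's {xor} password encoding (each byte XORed with '_' and then base64-encoded); the sample server.xml is constructed.

```python
import base64
import xml.etree.ElementTree as ET

DEFAULT_PASSWORD = "WebAS"  # default keys password stated on this page

# Constructed sample: an <ltpa> element that still carries the default password.
SAMPLE = """<server>
  <ltpa keysFileName="${server.output.dir}/resources/security/ltpa.keys"
        keysPassword="{xor}CDo9Hgw=" expiration="120"/>
</server>"""

def decode_xor(value):
    """Decode a {xor} value: base64-decode, then XOR each byte with '_' (0x5F)."""
    raw = base64.b64decode(value[len("{xor}"):])
    return bytes(b ^ 0x5F for b in raw).decode("utf-8", "replace")

def audit_ltpa(server_xml):
    """Return a list of findings for the <ltpa> element of a server.xml string."""
    ltpa = ET.fromstring(server_xml).find("ltpa")
    if ltpa is None:
        return ["no <ltpa> element: default keys password and expiration apply"]
    findings = []
    password = ltpa.get("keysPassword")
    if password is None:
        findings.append("keysPassword not set: default password in use")
    else:
        # {aes} values cannot be decoded here and are left as they are.
        if password.startswith("{xor}"):
            password = decode_xor(password)
        if password == DEFAULT_PASSWORD:
            findings.append("keysPassword is the default value")
    # Assumption: a missing or zero interval means the keys file is not monitored.
    if ltpa.get("monitorInterval", "0") in ("0", "0s", "0ms"):
        findings.append("monitorInterval not set: copied keys files are not reloaded")
    findings.append("expiration=" + ltpa.get("expiration", "120 (default)"))
    return findings

if __name__ == "__main__":
    for finding in audit_ltpa(SAMPLE):
        print(finding)
```

A default password that has only been {xor}-encoded is still reported, because that encoding is reversible without a key.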