The Lightweight Third Party Authentication (LTPA) key holds
cryptographic keys that secure the user authentication session and
cookies. To secure the production server environment, regenerate the
LTPA key using the WebSphere® Integrated Solutions Console.
If you plan to enable single sign-on at a later time, you must first
disable the automatic key generation.
About this task
Complete the following steps to secure LTPA keys on a production
environment:Procedure
- Complete the following steps to regenerate the LTPA keys:
Note: These steps only need to be completed once in a clustered
environment.
- Log on to the WebSphere Integrated Solutions Console.
- Navigate to .
- Click Authentication mechanisms and expiration.
- Click NodeLTPAKeySetGroup under
Key Generation and then click Generate Keys.
- Click Save to save the changes
to the master configuration.
Restriction: By default, WebSphere Application
Server is configured
to automatically regenerate the LTPA keys every 90 days. If you setup
single sign-on to export the LTPA key and then import it on another
server, disable the automatic key generation; otherwise, single sign-on
fails after 90 or 180 days because of regenerated keys.
- Complete the following steps to disable automatic LTPA
key generation on all servers of the single sign-on domain:
- Log on to the WebSphere Integrated Solutions Console.
- Navigate to .
- Click Authentication mechanisms and expiration.
- Click Key generation - Key set groups.
- Click NodeLTPAKeySetGroup.
- Disable the Key generation - Automatically
generate keys checkbox.
- Click OK.
- Click Save to save the changes
to the master configuration.