Changing the LTPA key used for single sign-on
The Lightweight Third Party Authentication (LTPA) security protocol requires that z/OSMF servers share a cryptographic key to establish a single sign-on (SSO) environment. The LTPA keys file is encrypted with a randomly-generated key and is protected with a user-defined password. The default password is WebAS. For security purposes, it is recommended that you change the default password before enabling SSO. You might also be required to periodically change the password to conform with your installation's security policy.
Before you begin
Ensure that your web browser is connected to the primary z/OSMF instance.
Procedure
By default, only a z/OSMF Administrator can change the LTPA key password. To do so, complete the following steps:
What to do next
Invoke the Enable Single Sign-on action to use the new key on the systems listed in the Systems field or on any system for which you want to enable single sign-on. For more details about enabling SSO, see Enabling single sign-on.