To support single sign-on (SSO) in WebSphere Application Server
across multiple WebSphere Application Server domains or cells, you must share
the LTPA keys and the password among the domains. You can import LTPA keys
from other domains and export keys to other domains.
Before you begin
After you export LTPA keys from one cell, you must import these keys
into another cell. To import keys, you must know the password for the exported
key file to access the LTPA keys. Verify that key files are exported from
one of the cells into a file.
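The verification asked for above can be scripted before the import. The following Python check is an added example, not IBM's code: it confirms that the exported file holds the three key properties as valid base64 and flags loose file permissions. The `com.ibm.websphere.ltpa.*` property names come from the format of exported LTPA key files and are not listed on this page; the group/other permission check is an added hardening assumption, and the write check applies to the account that runs the script.

```python
import base64
import os
import tempfile

# Key-material properties in an exported LTPA key file (names are not on this page).
PREFIX = "com.ibm.websphere.ltpa."
KEY_PROPS = tuple(PREFIX + n for n in ("3DESKey", "PrivateKey", "PublicKey"))

def parse_properties(text):
    """Minimal Java .properties parser: key=value lines, '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip().replace("\\", "")  # '\=' -> '='
    return props

def check_key_file(path):
    """Return a list of problems; an empty list means the file looks importable."""
    problems = []
    if os.stat(path).st_mode & 0o077:  # any group/other permission bit set
        problems.append("key file is accessible to group/other users")
    if not os.access(path, os.W_OK):  # the import step requires write permission
        problems.append("no write permission on key file")
    with open(path, encoding="latin-1") as fh:
        props = parse_properties(fh.read())
    for name in KEY_PROPS:
        value = props.get(name)
        if not value:
            problems.append("missing property: " + name)
            continue
        try:
            base64.b64decode(value, validate=True)
        except ValueError:
            problems.append("not valid base64: " + name)
    return problems

if __name__ == "__main__":
    # Constructed sample, not real key material.
    blob = base64.b64encode(b"constructed sample key").decode().replace("=", "\\=")
    sample = "".join("%s=%s\n" % (name, blob) for name in KEY_PROPS)
    with tempfile.NamedTemporaryFile("w", suffix=".keys", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)  # deliberately too open, so one problem is reported
    print(check_key_file(fh.name))
    os.remove(fh.name)
```

The check does not decrypt anything, so it cannot confirm the password; a wrong password only shows up at the import step.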
About this task
Complete the following steps in the administrative console to
import key files for LTPA.
Procedure
- Access the administrative console for the cell that will receive
the imported keys by typing http://server_name:port_number/ibm/console in
a Web browser.
- Click Security > Secure administration, applications, and infrastructure
> Authentication mechanisms and expiration.
- In the Password and Confirm password fields, enter
the password that is used to decrypt the LTPA keys. This password
must match the password that was used in the cell from which you are importing
the keys.
- In the Fully qualified key file name field, specify the
fully qualified path to the location where the signer keys reside. You
must have write permission to this file.
- Click Import keys to import the keys to the location that
you specified in the Fully qualified key file name field.
- Click OK and Save to save the changes to the master
configuration. It is important to save the new set of keys to match
the new password so that no problems are encountered when starting the servers
later.
What to do next
After a new set of keys is generated and saved, the generated keys
are not used in the configuration until WebSphere Application Server is restarted.
Important: After you enter the password in the Password and Confirm password
fields and click Save, the password is not redisplayed on the administrative
console panel.