To support single sign-on (SSO) in WebSphere Application
Server across multiple WebSphere Application Server domains or cells,
you must share the Lightweight Third Party Authentication (LTPA) keys
and the password among the domains.
Before you begin
Make sure that the system time in the domains is closely synchronized so
that tokens are not mistakenly interpreted as expired between the
cells.
About this task
Complete the following steps in the administrative console
to export key files for LTPA so that they can be shared across domains:
Procedure
- Type http://server_name:port_number/ibm/console in
a Web browser to access the administrative console.
- Click .
- In the Password and Confirm password fields, enter the
password that is used to encrypt the LTPA keys. Remember
the password so that you can use it later when the keys are imported
into the other cell.
- In the Fully qualified key file name field, specify the
fully qualified path to the location where you want the exported LTPA
keys to reside. You must have write permission to this
file.
- Click Export keys to export the keys to the location
that you specified in the Fully qualified key file name field.
- Specify the Internal server ID that is used for
interprocess communication between servers. The server ID is protected
with an LTPA token when sent remotely. You can edit the internal server
ID to make it identical to server IDs across multiple application
server administrative domains (cells). By default this ID is the cell
name.
- Click OK and Save.
Results
You can share LTPA keys and passwords among domains on WebSphere
Application Server.
LTPA keys that are exported to
a file should be readable in an ASCII editor like Notepad.
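The following Python check is an added example, not part of the original documentation. It verifies that an exported key file is plain ASCII, contains the key properties, and is not accessible to other users, and it computes a fingerprint so that the copy transferred to the other cell can be compared with the original without displaying key material. The property names (taken from typical LTPA exports), the helper names, and the sample values are assumptions; the page does not list them.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Property names assumed from typical LTPA exports; the page does not list them.
KEY_PROPS = tuple("com.ibm.websphere.ltpa." + n for n in ("3DESKey", "PrivateKey", "PublicKey"))

# Constructed sample, not real key material. Java property files escape '=' in values as '\='.
SAMPLE = (
    "com.ibm.websphere.ltpa.3DESKey=QUJDREVGRw\\=\\=\n"
    "com.ibm.websphere.ltpa.PrivateKey=SElKS0xNTg\\=\\=\n"
    "com.ibm.websphere.ltpa.PublicKey=T1BRUlNUVQ\\=\\=\n"
)

def parse_properties(text):
    """Parse key=value lines, skipping blanks and #/! comments, and undo '\\=' and '\\:' escapes."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key[:1] not in ("#", "!"):
            props[key.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props

def check_export(path):
    """Return a list of problems found in an exported LTPA key file (empty list means none)."""
    try:
        props = parse_properties(Path(path).read_bytes().decode("ascii"))
    except UnicodeDecodeError:
        return ["file is not plain ASCII"]
    problems = ["missing property: " + n for n in KEY_PROPS if not props.get(n)]
    mode = os.stat(path).st_mode & 0o777
    if os.name == "posix" and mode & 0o077:
        problems.append("accessible to group/other: mode %o" % mode)
    return problems

def fingerprint(path):
    """SHA-256 over the key properties, for comparing two copies without printing the keys."""
    props = parse_properties(Path(path).read_text(encoding="ascii"))
    material = "\n".join(props.get(n, "") for n in KEY_PROPS)
    return hashlib.sha256(material.encode("ascii")).hexdigest()

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".keys", delete=False) as tmp:
        tmp.write(SAMPLE)
    print(check_export(tmp.name) or "no problems", fingerprint(tmp.name))
    os.remove(tmp.name)
```

Run check_export on the file in the cell that exported it, and compare fingerprint values on both sides before importing the keys into the other cell.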