Why and when to perform this task
The following steps are needed to configure Lightweight Third Party
Authentication (LTPA) when setting up security for the first time:
Steps for this task
- Access the administrative console by typing http://localhost:port_number/ibm/console in
a Web browser. Port 9060 is the default port number for accessing
the administrative console. During installation, however, you might have specified
a different port number. Use the appropriate port number.
- Click Security > Global security.
- Under Authentication, click Authentication mechanisms > LTPA.
- Enter the password and confirm it in the password fields. This
password is used to encrypt and decrypt the LTPA keys during export and import
of the keys. Remember this password because you enter it again when the keys
from this cell are exported to another cell.
- Enter a positive integer value in the Timeout field.
This timeout value specifies, in minutes, how long an LTPA token is valid.
The token contains this expiration time so that any server that receives the
token can verify that the token is valid before proceeding further.
When the token expires, the user is prompted to log in.
An optimal value for this field depends on your configuration. The default value
is 30 minutes.
- Optional: In the Key file name field, specify
the name of the file that is used when you import or export keys. You
can use this field in conjunction with the Import keys and Export
keys buttons at the top of the panel.
- Click Apply or OK. The LTPA configuration is now
set. Do not generate the LTPA keys in this step because they are automatically
generated later. Proceed with the rest of the steps required to enable security,
starting with single signon (SSO) (if SSO is required).
- Complete the information in the Global Security panel and click OK.
The LTPA keys are generated automatically the first time. Do not generate
the keys manually.
Result
The previous steps configure LTPA by setting passwords that generate
LTPA keys.
What to do next
After configuring LTPA, complete the following steps to work with
your key files:
- Generate key files.
- Export key files.
- Import key files.
- If you are enabling security, make sure that you complete the remaining
steps starting with enabling SSO.
- If you generated a new set of keys or imported a new set of keys, verify
that the keys are saved by clicking Save at the top of the panel. Because
LTPA authentication uses time-sensitive tokens, verify that the time, date,
and time zone are synchronized among all product servers that are participating
in the protection domain. If the clock skew is too high between servers, the
LTPA token appears prematurely expired and causes authentication or validation
failures.
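
The clock-skew failure described in the last item can be checked before security is enabled. The following Python sketch is an added example, not part of the original documentation or the product: it takes each server's clock reading at the same instant and reports, per issuing and validating server pair, how long a freshly issued token would actually be accepted. It assumes a simplified model in which the expiration time is the issuing server's clock plus the Timeout value and the validating server compares that against its own clock; the server names, clock readings and one-minute tolerance are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from itertools import permutations

LTPA_TIMEOUT_MIN = 30  # default value of the Timeout field on the LTPA panel

# Constructed sample: each server's clock as read at the same true instant (UTC).
SAMPLE_CLOCKS = {
    "server1": datetime(2024, 1, 15, 12, 0, 0, tzinfo=timezone.utc),
    "server2": datetime(2024, 1, 15, 12, 0, 20, tzinfo=timezone.utc),  # 20 s fast
    "server3": datetime(2024, 1, 15, 12, 31, 0, tzinfo=timezone.utc),  # 31 min fast
    "server4": datetime(2024, 1, 15, 11, 50, 0, tzinfo=timezone.utc),  # 10 min slow
}

def effective_lifetime(issuer_now, validator_now, timeout_min=LTPA_TIMEOUT_MIN):
    """Minutes a token issued right now stays valid as seen by the validator.

    Assumed model: expiration = issuer clock + timeout, and the validator
    accepts the token while its own clock is earlier than the expiration.
    """
    expiration = issuer_now + timedelta(minutes=timeout_min)
    return (expiration - validator_now).total_seconds() / 60.0

def skew_report(clocks, timeout_min=LTPA_TIMEOUT_MIN, tolerance_min=1.0):
    """Return (issuer, validator, effective_minutes, status) for every server
    pair whose effective token lifetime differs from the configured timeout
    by more than tolerance_min (an arbitrary threshold chosen for this example)."""
    findings = []
    for issuer, validator in permutations(clocks, 2):
        life = effective_lifetime(clocks[issuer], clocks[validator], timeout_min)
        drift = life - timeout_min
        if life <= 0:
            status = "expired-on-arrival"  # validator rejects the token immediately
        elif drift < -tolerance_min:
            status = "shortened"           # user is prompted to log in early
        elif drift > tolerance_min:
            status = "extended"            # token accepted longer than configured
        else:
            continue                       # skew within tolerance
        findings.append((issuer, validator, round(life, 2), status))
    return findings

if __name__ == "__main__":
    for issuer, validator, life, status in skew_report(SAMPLE_CLOCKS):
        print(f"{issuer} -> {validator}: {life} min effective lifetime ({status})")
```

Under this model a validating server whose clock runs behind the issuer accepts tokens for longer than the configured Timeout, so skew in either direction is worth correcting.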