Exporting Lightweight Third Party Authentication keys

To support single sign-on (SSO) in WebSphere® Application Server across multiple WebSphere Application Server domains or cells, you must share the Lightweight Third Party Authentication (LTPA) keys and the password among the domains.

Before you begin

Make sure that the system clocks in the domains are closely synchronized so that tokens are not mistakenly treated as expired between the cells.

About this task

Complete the following steps in the administrative console to export key files for LTPA so that they can be shared across domains:

Procedure

  1. Type http://server_name:port_number/ibm/console in a web browser to access the administrative console.
  2. Click Security > Global security > LTPA.
  3. In the Password and Confirm password fields, enter the password that is used to encrypt the LTPA keys.
    Remember the password so that you can use it later when the keys are imported into the other cell.
  4. In the Fully qualified key file name field, specify the fully qualified path to the location where you want the exported LTPA keys to reside.
    You must have write permission to this file.
  5. Click Export keys to export the keys to the location that you specified in the Fully qualified key file name field.

Results

Exporting the LTPA keys to a file does not require you to save your changes.

You can share LTPA keys and passwords among domains on WebSphere Application Server.

LTPA keys that are exported to a file should be readable in an ASCII editor like Notepad.

What to do next

After exporting the keys from one cell, you must import those keys into the other cell. If the other cell is on a separate system, you must transfer the key file by FTP in binary format. For more information, see Importing Lightweight Third Party Authentication keys.
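
One way to check an exported key file before importing it elsewhere, as an added example that is not part of the original documentation: it confirms the file is ASCII, looks for the key properties, flags permissions that expose the key material, and returns a SHA-256 digest that can be compared on both systems after the binary-mode transfer. The property names are an assumption based on typical WebSphere LTPA key files, and the function name and sample content are constructed for illustration.

```python
import hashlib, os, stat, tempfile

# Property names assumed from typical WebSphere LTPA key files; this page does not list them.
REQUIRED = ("com.ibm.websphere.ltpa.3DESKey",
            "com.ibm.websphere.ltpa.PrivateKey",
            "com.ibm.websphere.ltpa.PublicKey")

# Constructed sample: placeholder values, not real key material.
SAMPLE = ("#IBM WebSphere Application Server key file\n"
          "com.ibm.websphere.ltpa.3DESKey=PLACEHOLDER3DES\\=\n"
          "com.ibm.websphere.ltpa.PrivateKey=PLACEHOLDERPRIV\\=\n"
          "com.ibm.websphere.ltpa.PublicKey=PLACEHOLDERPUB\\=\n")

def check_ltpa_export(path):
    """Return (sha256_hex, problems) for an exported LTPA key file."""
    with open(path, "rb") as fh:
        raw = fh.read()
    digest = hashlib.sha256(raw).hexdigest()  # compare on source and target systems
    try:
        text = raw.decode("ascii")  # the export should be plain ASCII text
    except UnicodeDecodeError:
        return digest, ["file contains non-ASCII bytes"]

    # Parse as a Java-style properties file: key=value, '#' or '!' starts a comment.
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    problems = ["missing or empty property: " + name
                for name in REQUIRED if not props.get(name)]

    # Key material should not be accessible to group or others (POSIX only).
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("file mode %o allows group/other access" % mode)
    return digest, problems

if __name__ == "__main__":
    fd, path = tempfile.mkstemp(suffix=".keys")  # mkstemp creates the file with mode 0600
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE)
    print(check_ltpa_export(path))
    os.remove(path)
```

A digest that differs between the exporting and importing systems indicates that the file was altered in transit, for example by a text-mode transfer.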