IBM Tivoli Monitoring, Version 6.3 Fix Pack 2

Importing and exporting LTPA keys

Authenticated credentials are shared among participating applications using LTPA keys.

Ensure that the following applications are using the same LTPA key as the portal server:

A web-based or web-enabled application that launches the Tivoli® Enterprise Portal
A web-based or web-enabled application that can be launched from the Tivoli Enterprise Portal client
IBM® Dashboard Application Services Hub when it uses the dashboard data provider component of the portal server to retrieve monitoring data
Another application such as Tivoli Integrated Portal that uses the IBM Tivoli Monitoring charting web service

Determine which application will be the source of the LTPA key for all of the other participating SSO applications and export its LTPA key.

If you decide to export the portal server's LTPA key, you must export the LTPA key into a key file. When you perform the export step, you must provide a name for the key file and the password to use to encrypt the key. The key file and password must be provided to the administrators of the applications listed above so that they can import the LTPA key.

If another application will not provide the LTPA key, the administrator of that application must export the application's LTPA key into a key file and then provide you with the key file and the password that was used to encrypt the key. You must import the LTPA key into the portal server and enter the password.

Before you begin

The Tivoli Enterprise Portal Server must be running for import and export operations to be performed.

If you are using the TEPS/e administration console to import or export keys, you must start the console. See Starting the TEPS/e administration console.

Before you can import an LTPA key, the administrator of the application that exported the key must provide you with a key file containing the LTPA key and the password that was used to encrypt the key.

About this task

Follow the steps for your environment to import or export LTPA keys:

Procedure

From Manage Tivoli Enterprise Monitoring Services window, complete the following procedure to export keys:
1. Right-click the Tivoli Enterprise Portal Server and click Advanced → TEPS/e Administration → Export keys.
2. Navigate to the directory where you want to create the file or change the file type, or both. The directory displayed initially, on Windows, is ITM_dir\InstallITM; and on Linux and UNIX, it is the Root directory.
3. Type a name for the file that the LTPA key should be placed in and click Save.
4. In the Export keys window, type a password to use to encrypt the file, and click OK. You see a console window while the file is created and encrypted, and then you are returned to the Single Sign On window.
From Manage Tivoli Enterprise Monitoring Services window, complete the following procedure to import keys:
1. Right-click the Tivoli Enterprise Portal Server and click Advanced → TEPS/e Administration → Import keys.
2. In the Open window that is displayed, navigate to the directory where the key file is located. The directory displayed initially, on Windows, is ITM_dir\InstallITM; and on Linux and UNIX, it is the Root directory.
3. Type the name of the file that you want to import, and click Open. You see a console window while the file is created and encrypted, and then you are returned to the Single Sign On window. Repeat the import process to import keys from additional participating servers.
4. Type the password required to decrypt the file, and click OK. You see a console window while the file is created and encrypted, and then you are returned to the Single Sign On window.
5. Repeat the import process to import keys from additional participating servers.
From the AIX® and Linux command line, to export a key, run ./exportKeys.sh <filename> <password>. The script is installed to ITM_dir/platform/iw/scripts. Examples: /opt/IBM/ITM/aix533/iw/scripts on AIX, /opt/IBM/ITM/li6263/iw/scripts on Linux, and/opt/IBM/ITM/ls3263/iw/scripts on zLinux.
From the AIX and Linux command line, to import a key, run ./importKeys.sh <filename> <password>. The script is installed to ITM_dir/platform/iw/scripts.
From the TEPS/e administration console, complete the following procedure to export the LTPA key:
1. Select Security→ Global Security.
2. Select LTPA.
3. In the Password and Confirm password fields, enter the password to encrypt the key file.
4. In the Fully qualified key file name field, enter fully qualified path and file name for the key file.
5. Click Export keys.
6. Click OK and then Save.
From the TEPS/e administration console, complete the following procedure to import the LTPA key:
1. Select Security→ Global Security.
2. Select LTPA.
3. In the Password and Confirm password fields, enter the password to decrypt the key file.
4. In the Fully qualified key file name field, enter fully qualified path and file name for the key file.
5. Click Import keys.
6. Click OK and then Save.
7. Restart the Tivoli Enterprise Portal Server.
  Note: When the portal server is restarted, the TEPS/e administration console is disabled automatically. You must re-enable it before it can be used again by following the instructions in Starting the TEPS/e administration console.

What to do next

If you exported the portal server's LTPA key, provide the key file and password that you used to encrypt it to the administrators of the other participating SSO applications so that they can import the key.

Feedback