Authenticated credentials are shared
among participating applications using LTPA keys.
Ensure
that the following applications are using the same LTPA key as the
portal server:
- A web-based or web-enabled application that launches the Tivoli® Enterprise Portal
- A web-based or web-enabled application that can be launched from
the Tivoli Enterprise Portal client
- IBM® Dashboard
Application Services Hub when it uses
the dashboard data provider component
of the portal server to retrieve monitoring data
- Another application such as Tivoli Integrated Portal that
uses the IBM Tivoli Monitoring charting
web service
Determine which application will be the source of the LTPA key
for all of the other participating SSO applications and export its
LTPA key.
If you decide to export the portal server's LTPA key,
you must export the LTPA key into a key file. When you perform the
export step, you must provide a name for the key file and the password
to use to encrypt the key. The key file and password must be provided
to the administrators of the applications listed above so that they
can import the LTPA key.
If another application will not provide
the LTPA key, the administrator of that application must export the
application's LTPA key into a key file and then provide you with the
key file and the password that was used to encrypt the key. You must
import the LTPA key into the portal server and enter the password.
Before you begin
The
Tivoli Enterprise Portal Server must
be running for import and export operations to be performed.
If you are using the TEPS/e administration
console to import or
export keys, you must start the console. See Starting the TEPS/e administration console.
Before you can import an LTPA key, the administrator of
the application that exported the key must provide you with a key
file containing the LTPA key and the password that was used to encrypt
the key.
About this task
Follow the steps for your environment to import or export
LTPA keys:
Procedure
- From Manage Tivoli Enterprise Monitoring Services window,
complete the following procedure to export keys:
- Right-click the Tivoli Enterprise Portal Server and
click Advanced → TEPS/e Administration → Export keys.
- Navigate to the directory where
you want to create the file or change the file type, or both. The directory displayed initially, on Windows, is ITM_dir\InstallITM;
and on Linux and UNIX, it is the Root directory.
- Type a name for the file that the
LTPA key should be placed in and click Save.
- In the Export keys window, type
a password to use to encrypt the file, and click OK. You see a console window while the file is created and
encrypted, and then you are returned to the Single Sign On window.
- From Manage Tivoli Enterprise Monitoring Services window,
complete the following procedure to import keys:
- Right-click the Tivoli Enterprise Portal Server and
click Advanced → TEPS/e Administration → Import keys.
- In the Open window
that is displayed, navigate to the directory where the key file is
located. The directory displayed initially, on Windows, is ITM_dir\InstallITM;
and on Linux and UNIX, it is the Root directory.
- Type the name of the file that you
want to import, and click Open. You see a console window while the file is created and
encrypted, and then you are returned to the Single Sign On window.
Repeat the import process to import keys from additional participating
servers.
- Type the password required to decrypt
the file, and click OK. You
see a console window while the file is created and encrypted, and
then you are returned to the Single Sign On window.
- Repeat the import process to import
keys from additional participating servers.
- From the AIX® and Linux command line, to export a
key, run ./exportKeys.sh <filename> <password>. The script is installed to ITM_dir/platform/iw/scripts. Examples: /opt/IBM/ITM/aix533/iw/scripts on AIX, /opt/IBM/ITM/li6263/iw/scripts on Linux, and/opt/IBM/ITM/ls3263/iw/scripts on
zLinux.
- From the AIX and Linux command line, to import a
key, run ./importKeys.sh <filename> <password>. The script is installed to ITM_dir/platform/iw/scripts.
- From the TEPS/e administration
console, complete the
following procedure to export the LTPA key:
- Select Security→ Global Security.
- Select LTPA.
- In the Password and Confirm
password fields, enter the password to encrypt the key
file.
- In the Fully qualified key file name field,
enter fully qualified path and file name for the key file.
- Click Export keys.
- Click OK and then Save.
- From the TEPS/e administration
console, complete the
following procedure to import the LTPA key:
- Select Security→ Global Security.
- Select LTPA.
- In the Password and Confirm
password fields, enter the password to decrypt the key
file.
- In the Fully qualified key file name field,
enter fully qualified path and file name for the key file.
- Click Import keys.
- Click OK and then Save.
- Restart the Tivoli Enterprise Portal Server.
Note: When
the portal server is restarted, the
TEPS/e administration
console is disabled
automatically. You must re-enable it before it can be used again by
following the instructions in
Starting the TEPS/e administration console.
What to do next
If you exported the portal server's LTPA key,
provide the key file and password that you used to encrypt it to
the administrators of the other participating SSO applications so
that they can import the key.