Preparing security for remote search service in a single-signon domain

View the steps to set up portal security for remote search service on a single-signon installation.

About this task

For remote search service on a single-signon installation, you need to prepare portal security. To do so, complete the following steps:

Procedure

  1. Make the key file available to all servers in the single sign-on (SSO) domain. To do this, perform the following steps on one of the servers that you plan to be part of the SSO domain:
    1. Open the WebSphere® Integrated Solutions Console.
    2. Select Security > Global Security. Under Authentication select LTPA.
    3. In the field for the fully qualified key name enter a key file name and click the Export keys button. The keys are written to the file was_profile_root/Key File Name.
  2. Import the key file to all other servers of the SSO domain. To do this, perform the following steps on all other servers that you plan to be part of this same SSO domain:
    1. Copy the key file that you exported in step 1 into the directory wp_profile_root on the server.
    2. Log in to the WebSphere Integrated Solutions Console.
    3. Select Security > Global Security > Authentication > LTPA.
    4. In the field for the fully qualified key name enter a key file name and click the Import keys button. The keys are propagated to all servers of the SSO domain.
    5. Restart all WebSphere Application Server profiles on this server.
  3. Disable automatic LTPA key generation on all servers of the SSO domain:
    1. Log in to the WebSphere Integrated Solutions Console.
    2. Select Security > Global Security. Under Authentication mechanisms and expiration, click LTPA.
    3. Under Key generation, select Key set groups.
    4. Click NodeLTPAKeySetGroup.
    5. Under Key generation, disable the Automatically generate keys check box.
    6. Click OK.
    7. Click Save to save your changes to the master configuration.
    8. Log out from the WebSphere Integrated Solutions Console.
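
A check to run on the copied key files before importing them in step 2, added here as an example and not part of the original documentation. It assumes the exported file is a Java-properties file with the com.ibm.websphere.ltpa.* entries named in the code; the file names and sample values are constructed. It compares key material by hash and flags files readable by anyone other than the owner.

```python
import hashlib, os, stat, tempfile
# Property names assumed from the layout of an exported LTPA key file.
KEY_PROPS = ("com.ibm.websphere.ltpa.3DESKey", "com.ibm.websphere.ltpa.PrivateKey",
             "com.ibm.websphere.ltpa.PublicKey", "com.ibm.websphere.ltpa.Realm")
# Constructed sample content; the values are placeholders, not real key material.
SAMPLE = ("# constructed sample\n"
          "com.ibm.websphere.ltpa.3DESKey=c2FtcGxlLTNkZXM\\=\n"
          "com.ibm.websphere.ltpa.PrivateKey=c2FtcGxlLXByaXY\\=\n"
          "com.ibm.websphere.ltpa.PublicKey=c2FtcGxlLXB1Yg\\=\\=\n"
          "com.ibm.websphere.ltpa.Realm=exampleRealm\n")

def read_props(path):
    """Parse a Java-properties style key file into a dict."""
    props = {}
    with open(path, encoding="latin-1") as fh:
        for line in (raw.strip() for raw in fh):
            if line and line[0] not in "#!":
                name, _, value = line.partition("=")
                props[name.strip()] = value.strip().replace("\\=", "=")
    return props

def fingerprint(path):
    """SHA-256 over the key properties, so secret values are never printed."""
    props = read_props(path)
    missing = [p for p in KEY_PROPS if p not in props]
    if missing:
        raise ValueError(f"{path}: missing {missing}")
    return hashlib.sha256("\n".join(props[p] for p in KEY_PROPS).encode()).hexdigest()

def audit(exported, copies):
    """Report copies whose keys differ and files readable beyond the owner."""
    findings, want = [], fingerprint(exported)
    for path in [exported, *copies]:
        if path != exported and fingerprint(path) != want:
            findings.append((path, "key material differs from export"))
        if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append((path, "readable by group or others"))
    return findings

def demo():
    """Audit a good copy and a stale, world-readable copy built from SAMPLE."""
    d, paths = tempfile.mkdtemp(), []
    stale = SAMPLE.replace("c2FtcGxlLTNkZXM", "b2xkLTNkZXM")
    for name, text, mode in (("export.key", SAMPLE, 0o600),
                             ("server2.key", SAMPLE, 0o600), ("server3.key", stale, 0o644)):
        paths.append(os.path.join(d, name))
        with open(paths[-1], "w", encoding="latin-1") as fh:
            fh.write(text)
        os.chmod(paths[-1], mode)
    return [(os.path.basename(p), why) for p, why in audit(paths[0], paths[1:])]
```

An empty result from `audit` means every copy carries the same key material as the export and none is readable beyond its owner.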

What to do next

For more details about exporting the LTPA token, refer to the WebSphere Application Server information center under Administering > Security > Managing security > Configuring authentication mechanisms > Configuring Lightweight Third Party Authentication > Lightweight Third Party Authentication settings. You can also locate this topic by opening the search feature of the WebSphere Application Server information center and searching for ltpa key export.

If you work with EJB on a secure server, you need to set the search user ID. For details about how to do this, refer to Setting the search user ID.