Automatic LTPA Key creation

Sjaak Ursinus | Tags: domino was integration ltpa
After reading this blog article I came to the conclusion that lots of settings and functionality delivered by WAS (WebSphere Application Server) are not well understood. So to help people solve their day-to-day problems with Lotus products running on top of WAS, I created this article to give an insight into LTPA integration in WAS.

The problem people are experiencing is that they need to import the LTPA keys of WAS into their Domino/WAS environment at regular intervals to get SSO functionality between these platforms/applications.

By default WAS creates a new LTPA key every 12 weeks, which means you have to distribute that key every 12 weeks to all platforms with which you want SSO functionality. This automatic recreation of LTPA keys inside WAS is done for maximum security. As soon as a user has been authenticated by the platform, the platform creates an LTPA cookie. The following information is stored inside this cookie:
  • LTPA version
  • LTPA Creation Time
  • LTPA Expiration Time
  • User name of authenticated user
  • LTPA Shared Secret
This cookie is a key to enter through the door, so it is quite powerful, and the key (shared secret) used to encrypt this data (well, the data is not really encrypted but hashed) is quite valuable. That's the reason why WAS recreates this key every 12 weeks by default.

The recreation of this shared secret for the LTPA key can of course be tweaked in the WAS configuration. I strongly advise you not to disable it, or at least, if you do disable this functionality, to recreate the shared secret manually every now and then. (Of course, after recreating it manually you still have to distribute the new key to all platforms with which you want SSO functionality!)
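
Whether a partner platform still holds the current key can be checked mechanically. The following is an added example, not code from the original article or from IBM: it compares a WAS key export with the copy a partner holds and reports the days left before the default 12-week regeneration. The property names are assumed to follow the WAS key export layout; the sample files are constructed and their values are placeholders.

```python
import hashlib
from datetime import datetime, timedelta

ROTATION = timedelta(weeks=12)  # default regeneration interval stated in the article
KEY_FIELDS = ("com.ibm.websphere.ltpa.3DESKey",      # assumed export property names
              "com.ibm.websphere.ltpa.PrivateKey",
              "com.ibm.websphere.ltpa.PublicKey")

def parse_keyfile(text):
    """Parse a Java-properties style LTPA key export into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")
        # Undo the backslash escaping Java applies to ':' and '=' in values.
        props[name.strip()] = value.replace("\\:", ":").replace("\\=", "=")
    return props

def fingerprint(props):
    """SHA-256 over the key material, so copies can be compared without printing it."""
    h = hashlib.sha256()
    for field in KEY_FIELDS:
        h.update(props.get(field, "").encode() + b"\n")
    return h.hexdigest()

def created(props):
    """Parse CreationDate (java.util.Date text); the time zone token is dropped."""
    p = props["com.ibm.websphere.CreationDate"].split()
    return datetime.strptime(" ".join(p[:4] + p[5:]), "%a %b %d %H:%M:%S %Y")

def check_partner(was_text, partner_text, now):
    """Return (in_sync, days_until_next_regeneration) for one SSO partner."""
    was, partner = parse_keyfile(was_text), parse_keyfile(partner_text)
    in_sync = fingerprint(was) == fingerprint(partner)
    return in_sync, (created(was) + ROTATION - now).days

# Constructed sample exports; values are placeholders, not real key material.
OLD = """#IBM WebSphere Application Server key file
com.ibm.websphere.CreationDate=Mon Jan 04 10\\:00\\:00 UTC 2010
com.ibm.websphere.ltpa.3DESKey=PLACEHOLDER-GEN1-3DES\\=
com.ibm.websphere.ltpa.PrivateKey=PLACEHOLDER-GEN1-PRIV
com.ibm.websphere.ltpa.PublicKey=PLACEHOLDER-GEN1-PUB
"""
NEW = OLD.replace("Mon Jan 04", "Mon Mar 29").replace("GEN1", "GEN2")

print(check_partner(NEW, OLD, datetime(2010, 4, 1)))  # partner still holds the old key
print(check_partner(NEW, NEW, datetime(2010, 4, 1)))  # partner has re-imported
```

A negative day count means the 12-week interval has already passed and the key on the WAS side may have been regenerated since the export was taken.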

I will now show some screenshots to make it more understandable.

If you follow this breadcrumb you will get to the settings screen for LTPA recreation.

image
In this screen you can alter how often the LTPA secrets are recreated, or disable the recreation completely.

image
Well the settings are self explanatory so I don't have to explain that.

I hope this will help some people on how to disable or change the recreation of LTPA Secrets in WAS. If there are still questions which are not being explained in this article about LTPA keys please don't hesitate to ask them.

Comments (2)

1 Chris Whisonant commented

I noticed that Mikkel's article isn't there any longer as well. Thanks for posting this!

2 Erik Sorensen commented

So *that's* why SSO would "break" from time to time... thanks so much for posting this.
