Securing LTPA keys on a production environment | HCL Digital Experience
The Lightweight Third Party Authentication (LTPA) key holds cryptographic keys that secure the user authentication session and cookies. To secure the production server environment, regenerate the LTPA key using the WebSphere Integrated Solutions Console. If you plan to enable single sign-on at a later time, you must first disable the automatic key generation.
About this task
Procedure
- Complete the following steps to regenerate the LTPA keys:
Note: These steps only need to be completed once in a clustered environment.
- Log on to the WebSphere® Integrated Solutions Console.
- Navigate to .
- Click Authentication mechanisms and expiration.
- Click NodeLTPAKeySetGroup under Key Generation and then click Generate Keys.
- Click Save to save the changes to the master configuration.
Restriction: By default, WebSphere® Application Server is configured to automatically regenerate the LTPA keys every 90 days. If you setup single sign-on to export the LTPA key and then import it on another server, disable the automatic key generation; otherwise, single sign-on fails after 90 or 180 days because of regenerated keys. - Complete the following steps to disable automatic LTPA
key generation on all servers of the single sign-on domain:
- Log on to the WebSphere® Integrated Solutions Console.
- Navigate to .
- Click Authentication mechanisms and expiration.
- Click Key generation - Key set groups.
- Click NodeLTPAKeySetGroup.
- Disable the Key generation - Automatically generate keys checkbox.
- Click OK.
- Click Save to save the changes to the master configuration.