Disabling automatic LTPA Key Generation in WAS (or how to stop SSO between WAS and Domino from breaking)
I have been burned by this one, and I am not alone, so I thought it was time for me to get around to writing this post.
One thing you can accomplish fairly easily is to set up single sign-on (SSO) between Domino and WebSphere Application Server (WAS). To do so, you first generate LTPA keys in WAS and export them to a key file, then import that file into Domino's Web SSO configuration so both servers share the same keys. There is also an article in the Lotus Connections wiki on how to accomplish this. Overall it is easily done, taking only a few minutes to set up.
So by now you are asking: what is the catch? The catch is that by default WAS regenerates the LTPA keys every 12 weeks. Domino still holds the keys you imported, so it can no longer validate the tokens WAS issues with the new keys; put another way, your SSO between WAS and Domino will work for 12 weeks and then mysteriously stop working. What you want to do is disable automatic generation of LTPA keys in WAS.
Log on to the Integrated Solutions Console (ISC)
Navigate to Security > SSL certificate and key management > Key set groups
If you are on a Deployment Manager you are looking for the CellLTPAKeySetGroup
If you are on a Standalone Node you are looking for the NodeLTPAKeySetGroup
Select the appropriate group per above and clear the "Automatically generate keys" check box
Save your changes (on a Deployment Manager, synchronize the nodes as well) and restart WAS for the change to take effect.
Wait 12 weeks and sit back and relax knowing you will not be answering calls about SSO being broken. Keep in mind that the keys now never rotate on their own: when you do decide to regenerate them, plan it as a change and re-import the new key file into Domino at the same time, or you are back to the broken-SSO scenario you just avoided.
In the WAS 6.1 InfoCenter: Disabling automatic generation of Lightweight Third Party Authentication keys
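As an added check (example code written for this post, not IBM's tooling and not from the original article), the following script audits a WAS security.xml: it reports which key set groups still auto-generate and when the next rollover is due, and produces a copy with auto-generation switched off for the LTPA groups so you can diff the intended change before touching the ISC. The element and attribute names it looks for (keySetGroups, autoGenerate, wsSchedule, wsSchedules, frequency, nextStartDate) are an assumption about the WAS 6.1 security.xml layout, and the sample document is constructed to match that assumption; verify both against a real profile's config/cells/<cell>/security.xml before relying on it.

```python
"""Audit a WAS security.xml for LTPA key set groups that still auto-generate.

Added example, not the blog post's own code. The element and attribute names
searched for (keySetGroups, autoGenerate, wsSchedule, wsSchedules, frequency,
nextStartDate) are my assumption about the WAS 6.1 security.xml layout; the
sample document below is constructed to match that assumption.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

XMI_NS = "http://www.omg.org/XMI"
SECURITY_NS = "http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi"
XMI_ID = "{%s}id" % XMI_NS

# Keep the original prefixes when serialising a modified copy.
ET.register_namespace("xmi", XMI_NS)
ET.register_namespace("security", SECURITY_NS)

# Constructed sample: one group left at the default (auto-generate on, every
# 12 weeks, next run 2 Sept 2009 22:00 UTC) and one already switched off.
SAMPLE_SECURITY_XML = """<?xml version="1.0" encoding="UTF-8"?>
<security:Security xmi:version="2.0" xmlns:xmi="%s" xmlns:security="%s">
  <keySetGroups xmi:id="KeySetGroup_1" name="CellLTPAKeySetGroup"
      autoGenerate="true" wsSchedule="WSSchedule_1" keySet="KeySet_1"/>
  <keySetGroups xmi:id="KeySetGroup_2" name="NodeLTPAKeySetGroup"
      autoGenerate="false" keySet="KeySet_2"/>
  <wsSchedules xmi:id="WSSchedule_1" name="LTPAKeySetGenerationSchedule"
      frequency="12" dayOfWeek="1" hour="22" minute="0"
      nextStartDate="1251928800000"/>
</security:Security>
""" % (XMI_NS, SECURITY_NS)


def audit_key_set_groups(xml_text):
    """Return one dict per keySetGroups element: its name, whether WAS will
    regenerate its keys on its own, and (if a schedule is attached) how often
    in weeks and when the next regeneration is due (UTC)."""
    root = ET.fromstring(xml_text)
    schedules = {s.get(XMI_ID): s for s in root.iter("wsSchedules")}
    findings = []
    for group in root.iter("keySetGroups"):
        schedule = schedules.get(group.get("wsSchedule"))
        frequency_weeks = next_rollover = None
        if schedule is not None:
            if schedule.get("frequency"):
                frequency_weeks = int(schedule.get("frequency"))
            if schedule.get("nextStartDate"):
                # nextStartDate is assumed to be epoch milliseconds.
                next_rollover = datetime.fromtimestamp(
                    int(schedule.get("nextStartDate")) / 1000, tz=timezone.utc)
        findings.append({
            "name": group.get("name"),
            "auto_generate": group.get("autoGenerate", "false").lower() == "true",
            "frequency_weeks": frequency_weeks,
            "next_rollover": next_rollover,
        })
    return findings


def ltpa_groups_that_will_roll(findings):
    """Names of LTPA key set groups whose keys WAS will silently replace,
    i.e. the ones that will break SSO with Domino at the next rollover."""
    return [f["name"] for f in findings
            if f["auto_generate"] and "LTPA" in (f["name"] or "")]


def disable_auto_generate(xml_text, group_names):
    """Return (modified security.xml text, names actually changed) with
    autoGenerate="false" on the named groups. This is the setting the ISC
    check box controls; the output is meant for reviewing or diffing."""
    root = ET.fromstring(xml_text)
    changed = []
    for group in root.iter("keySetGroups"):
        if group.get("name") in group_names and \
                group.get("autoGenerate", "false").lower() == "true":
            group.set("autoGenerate", "false")
            changed.append(group.get("name"))
    return ET.tostring(root, encoding="unicode"), changed


if __name__ == "__main__":
    findings = audit_key_set_groups(SAMPLE_SECURITY_XML)
    for f in findings:
        when = f["next_rollover"].isoformat() if f["next_rollover"] else "n/a"
        print("%-22s autoGenerate=%-5s every %s weeks, next %s"
              % (f["name"], f["auto_generate"], f["frequency_weeks"], when))
    fixed_xml, changed = disable_auto_generate(
        SAMPLE_SECURITY_XML, ltpa_groups_that_will_roll(findings))
    print("auto-generation disabled for:", changed)
    print(fixed_xml)
```

To run it against a real profile, replace SAMPLE_SECURITY_XML with the contents of the cell's security.xml (on a Deployment Manager, the copy under the dmgr profile is the master). Treat the rewritten copy as something to diff, not to drop into a running cell: hand-editing security.xml is not the supported route, so make the actual change through the ISC steps above or wsadmin, then restart.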
Comments
Very nice, thanks!
Posted by Rob Novak @ 05:35:53 PM on 06/09/2009 | - Website - |
Nice to see you have found it yourself also
I already blogged about this some time ago, after I got alerted by some people in the community to the problem they were experiencing.
{ Link }
Posted by Sjaak Ursinus @ 08:57:24 AM on 06/17/2009 | - Website - |