I have been burned by this one, and I am not alone, so I thought it was time for me to get around to writing this post.

One thing you can accomplish fairly easily is creating a Single Sign-On (SSO) environment between Domino and WebSphere Application Server (WAS). To do so, you first need to Generate an LTPA Token in WAS, and then Import the keys into Domino. There is also an article in the Lotus Connections Wiki on how to accomplish this. Overall it is easily accomplished, taking only a few minutes to set up.

So by now you are asking: what is the catch? The catch is that by default WAS will roll over the LTPA keys every 12 weeks. Put another way, your SSO between WAS and Domino will work for 12 weeks and then mysteriously stop working, because Domino is still holding the keys you imported while WAS has moved on to new ones.

What you want to do is Disable Automatic Generation of LTPA Keys in WAS:

1. Log on to the Integrated Solutions Console (ISC).
2. Navigate to SSL Certificate and Key Management > Key set groups.
3. If you are on a Deployment Manager, you are looking for the CellLTPAKeySetGroup. If you are on a Standalone Node, you are looking for the NodeLTPAKeySetGroup.
4. Select the appropriate group per the above and clear the check box for “Automatically Generate Keys”.
5. Save your changes and restart WAS for the changes to take effect.

Wait 12 weeks and sit back and relax knowing you will not be answering calls about SSO being broken.

In the WAS 6.1 InfoCenter: Disabling automatic generation of Lightweight Third Party Authentication keys
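To confirm the setting without clicking through the console, the following added example (not from the original post or from IBM) reads a cell's security.xml and reports whether the LTPA key set groups still have automatic generation switched on. It assumes each key set group is stored as a keySetGroups element with name and autoGenerate attributes; the embedded XML is a constructed sample and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real configuration. Assumed layout: security.xml
# stores each key set group as a <keySetGroups> element carrying "name" and
# "autoGenerate" attributes.
SAMPLE_SECURITY_XML = """<security:Security xmlns:xmi="http://www.omg.org/XMI"
    xmlns:security="http://www.ibm.com/websphere/appserver/schemas/5.0/security.xmi"
    xmi:id="Security_1">
  <keySetGroups xmi:id="KeySetGroup_1" name="CellLTPAKeySetGroup"
      autoGenerate="true" wsSchedule="WSSchedule_1" keySets="KeySet_1 KeySet_2"/>
  <keySetGroups xmi:id="KeySetGroup_2" name="NodeLTPAKeySetGroup"
      autoGenerate="false" wsSchedule="WSSchedule_1" keySets="KeySet_3 KeySet_4"/>
  <keySetGroups xmi:id="KeySetGroup_3" name="CustomKeySetGroup" autoGenerate="true"/>
</security:Security>
"""

# The two group names the post tells you to look for.
LTPA_GROUPS = {"CellLTPAKeySetGroup", "NodeLTPAKeySetGroup"}


def ltpa_auto_generate(xml_data):
    """Return {group name: bool} for the LTPA key set groups in security.xml."""
    root = ET.fromstring(xml_data)
    result = {}
    for elem in root.iter():
        # Drop any namespace prefix before comparing the tag name.
        tag = elem.tag.rsplit("}", 1)[-1]
        name = elem.get("name")
        if tag == "keySetGroups" and name in LTPA_GROUPS:
            # A missing attribute is reported as enabled so it gets reviewed.
            value = elem.get("autoGenerate", "true").strip().lower()
            result[name] = value == "true"
    return result


def groups_still_rotating(xml_data):
    """Names of LTPA key set groups that will still regenerate keys."""
    return sorted(n for n, on in ltpa_auto_generate(xml_data).items() if on)


if __name__ == "__main__":
    import sys
    # Pass the path to security.xml; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_SECURITY_XML
    for group, enabled in sorted(ltpa_auto_generate(data).items()):
        state = "ENABLED" if enabled else "disabled"
        print(f"{group}: automatic key generation {state}")
```

Any group it reports as ENABLED will break the Domino side at the next rollover unless the new keys are exported and imported again.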
VERY good find, Mitch. I’ve set this up 20 times and had no idea about “WAS will rollover the LTPA keys every 12 weeks,” causing me much pain when my SSO isn’t working and I had no idea why.
Very nice, thanks!
Mitch,
Nice to see you have found it yourself also.
I already blogged about this some time ago, after I got alerted by some people out of the community with the problem they were experiencing.
{ Link }
Excellent post. This has been annoying me for ages. Many thanks!