ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/sec/seccamec.htm

53 lines
3.3 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure the authentication mechanism</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h4><a name="seccamec"></a>Configure the authentication mechanism</h4>
<p>WebSphere Application Server - Express provides these authentication mechanisms:</p>
<ul>
<li><p><a href="secswam.htm">Simple WebSphere Authentication Mechanism (SWAM)</a>
<br>By default, WebSphere Application Server - Express uses SWAM as the authentication mechanism. SWAM is intended for single-server topologies. If you want to use SWAM, no configuration is necessary.</p></li>
<li><p><a href="secltpa.htm">Lightweight Third Party Authentication (LTPA)</a>
<br>Use LTPA to support single sign-on (SSO) and the ability to forward credentials to other application server processes. To configure LTPA, use the administrative console.</p></li>
</ul>
<p>For more information about how the authentication mechanism works, see <a href="secauthm.htm">Authentication mechanism</a>.</p>
<p><strong>Configure the LTPA authentication mechanism</strong></p>
<p>Perform these steps in the WebSphere administrative console to enable LTPA as the authentication mechanism for WebSphere security:</p>
<ol>
<li><p>Expand <strong>Security --&gt; Authentication Mechanisms</strong>, and click <strong>LTPA</strong>.</p></li>
<li><p>Enter the password and confirm it in the password fields. This password is used to encrypt and decrypt the LTPA keys when they are exported and imported. You need to enter this password again when you export the keys to another cell. For more information about LTPA keys, see <a href="seccakey.htm">Configure LTPA keys</a>.</p></li>
<li><p>Enter a positive integer value in the <strong>Timeout</strong> field. This timeout refers to how long a LTPA token is valid, in minutes. The token contains this expiration time so that any server that receives this token can make sure that this token is valid before proceeding further. When the token expires, the user is prompted to login. An optimal value for this depends on your configuration. The default value is 30 minutes.</p></li>
<li><p>Click <strong>Apply</strong>. The LTPA configuration is now set. You should not generate the LTPA keys in this step because they are automatically generated later.</p></li>
<li><p>If your applications contain form-based login, you may want to enable single sign-on support. For more information, see <a href="seccsso.htm">Configure single sign-on</a>.</p></li>
<li><p>(Optional) <a href="secctai.htm">Configure a trust association interceptor</a>.</p></li>
<li><p>Complete the information in the Global Security panel and press <strong>OK</strong>. When <strong>OK</strong> or <strong>Apply</strong> is clicked in the Global Security panel the LTPA keys are generated automatically the first time, and therefore, you should not generate the keys manually.</p>
<p>If you later need to generate keys, see <a href="seccakey.htm">Configure LTPA keys</a>.</p></li>
<li><p>Stop and then start your servers for the changes to take effect.</p></li>
</ol>
</body>
</html>