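By default, WebSphere 6.1 automatically regenerates a new LTPA key every 90 days. The intent is to avoid the security risk of using the same key for a long time. However, if multiple WAS instances use the same key for SSO and there is no key synchronization mechanism, the keys become inconsistent and SSO login fails.
To avoid this, back up the LTPA token key, in case an accidental key regeneration leaves the systems with inconsistent keys and breaks SSO login. The key is stored in the config directory: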
/"websphere"/"dmgr"/config/cells/"cellname"/ltpa.jceks
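One way to script the backup described above (an added example, not from the original page or from IBM's documentation): it copies ltpa.jceks into a private directory and reports whether the file changed since the last backup, which is how any modification of the keystore, such as an unplanned key regeneration, shows up on disk. The function names, the LATEST marker file and the availability of `sha256sum` are assumptions of this example.

```shell
#!/bin/sh
# Added example: back up ltpa.jceks and flag changes since the last backup.
# Usage: sh backup_ltpa.sh <path to ltpa.jceks> <backup directory>
# (script name and both paths are placeholders chosen for this example)

file_sha256() {
    # Print only the hex digest of a file (assumes sha256sum is installed).
    sha256sum "$1" | cut -d' ' -f1
}

backup_ltpa() {
    src=$1
    dest_dir=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }

    # The keystore holds the SSO signing keys: keep backups owner-only.
    mkdir -p "$dest_dir" && chmod 700 "$dest_dir" || return 2

    new_hash=$(file_sha256 "$src")
    last_file="$dest_dir/LATEST"      # digest of the most recent backup
    if [ -f "$last_file" ]; then
        if [ "$(cat "$last_file")" = "$new_hash" ]; then
            echo "unchanged"          # same keystore as last time, no new copy
            return 0
        fi
        status="changed"              # keystore was rewritten since last backup
    else
        status="initial"
    fi

    # Timestamp plus digest prefix keeps every distinct keystore version.
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    copy="$dest_dir/ltpa.jceks.$stamp.$(printf '%.12s' "$new_hash")"
    cp -p "$src" "$copy" || return 2
    chmod 600 "$copy"
    printf '%s\n' "$new_hash" > "$last_file"
    echo "$status"
}

# Run directly when called with the two arguments.
if [ "$#" -eq 2 ]; then
    backup_ltpa "$1" "$2"
fi
```

A result of `changed` on a scheduled run means the keystore no longer matches the last backed-up copy, so the SSO partners should be checked before users start failing to log in.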
How to disable automatic LTPA key regeneration in WebSphere v6.1:
Procedure
Click Security > SSL certificate and key management > Manage endpoint security configurations.
Expand the tree to the inbound or outbound management scope that contains the key set group, and then click the scope link.
Under Related Items, click Key Set Groups.
Click the key set group that you want to disable.
Clear the Automatically generate keys option.
Click OK and Save to save the changes to the master configuration.
Start the server again for the changes to become active.