LTPA overview
LTPA (Lightweight Third Party Authentication) is a single sign-on (SSO) credential format intended for use in distributed environments with multiple application servers.
LTPA Exception error log:
Unexpected Exception Occurred: com.ibm.websphere.asynchbeans.SerialDeserialException: Exception while deserializing a saved service. Service=security. Unable to deserialize the Subjects in this Context, cause: Validation of LTPA token failed due to invalid keys or token type.
Check content of ltpa.jceks
List the contents of ltpa.jceks with keytool from <install_root>/java/bin:
keytool -list -storetype jceks -keystore ltpa.jceks -storepass WebAS
The output should look like this
LTPA Key ltpa.jceks location:
The keystore containing the LTPA keys is a file named ltpa.jceks, stored at the cell level for each profile:
<WAS_install_root>\profiles\<profile>\config\cells\<cellname>
To recover from a corrupted file:
1. Back up the old ltpa.jceks.
2. Remove the ltpa.jceks.
3. Regenerate a new ltpa.jceks file with keytool or from the WAS console: Security->Global Security->Authentication->Authentication mechanisms and expiration->LTPA->Generate key.
4. Stop the Node Agent, and run syncNode.sh to bring the Node Agent back in sync with the Deployment Manager.
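Steps 1 and 2 can be scripted so that the old keystore is only removed once a verified, owner-only copy exists. The following is an added example, not part of the original notes or of WebSphere itself; the function name `backup_and_remove_ltpa` and the backup file naming are assumptions, and the keystore password is the one used in the keytool command above.

```shell
#!/bin/sh
# Added example: steps 1-2 of the recovery procedure (back up, then remove
# ltpa.jceks). The argument is the cell-level config directory that holds
# the keystore. Function name and backup naming scheme are assumptions.

backup_and_remove_ltpa() {
    cell_dir=$1
    ks="$cell_dir/ltpa.jceks"
    [ -f "$ks" ] || { echo "no ltpa.jceks in $cell_dir" >&2; return 1; }

    # If keytool is on PATH, note whether the old keystore still lists
    # (same command and password as shown on this page).
    if command -v keytool >/dev/null 2>&1; then
        if keytool -list -storetype jceks -keystore "$ks" \
                -storepass WebAS >/dev/null 2>&1; then
            echo "warning: keystore still lists cleanly; confirm it is corrupted" >&2
        else
            echo "keystore does not list; proceeding with backup" >&2
        fi
    fi

    backup="$ks.bak.$(date +%Y%m%d%H%M%S).$$"

    # The file holds LTPA key material: create the copy readable by owner only.
    ( umask 077; cp "$ks" "$backup" ) || return 1

    # Remove the original only after the copy is verified byte-for-byte.
    if ! cmp -s "$ks" "$backup"; then
        echo "backup verification failed; original left in place" >&2
        rm -f "$backup"
        return 1
    fi

    rm -f "$ks" || return 1

    # Print the backup path so the caller can record it.
    # Steps 3-4 (generate key, stop Node Agent, syncNode.sh) follow manually.
    echo "$backup"
}
```

Call it as `backup_and_remove_ltpa <path to the cell directory>`; it prints the backup path on success and leaves the original untouched on any failure.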