Web SSO unexpectedly stops working between WebSphere 6.1 and Domino based applications

Lotus Domino has been configured for Web Single Sign-On (SSO) with WebSphere Portal or WebSphere Application Server. SSO works correctly for several weeks, but then Domino unexpectedly can no longer decode the LTPA token from WebSphere.

To avoid this problem, disable automatic LTPA key generation on all servers of the single sign-on domain using the following steps:

1. Log on to the WebSphere Application Server administrative console.
2. Navigate to Security > Secure administration, applications, and infrastructure.
3. Click Authentication mechanisms and expiration.
4. Click Key generation – Key set groups.
5. Click NodeLTPAKeySetGroup.
6. Disable the Key generation – Automatically generate keys checkbox.
7. Click OK.
8. Click Save to save the changes to the master configuration.
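
To confirm that the change took effect on every server of the single sign-on domain, the following added example (not part of the original technote and not IBM code) audits a copy of each server's security.xml. It assumes the key set group is stored there as a keySetGroups element with name and autoGenerate attributes; the server labels, namespace and sample XML are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed samples. Assumed layout: security.xml holds <keySetGroups>
# elements with "name" and "autoGenerate" attributes; namespace is a placeholder.
TEMPLATE = """<security:Security xmlns:security="urn:example:placeholder">
  <keySetGroups name="NodeLTPAKeySetGroup" {attr} keySets="KeySet_1 KeySet_2"/>
  <keySetGroups name="ExampleOtherGroup" autoGenerate="true" keySets="KeySet_3"/>
</security:Security>"""
SAMPLE_CONFIGS = {
    "was-node-a": TEMPLATE.format(attr='autoGenerate="true"'),
    "was-node-b": TEMPLATE.format(attr='autoGenerate="false"'),
    "was-node-c": TEMPLATE.format(attr=""),  # attribute absent
    "was-node-d": "<security:Security xmlns:security='urn:example:placeholder'/>",
}

GROUP = "NodeLTPAKeySetGroup"  # the group named in step 5


def auto_generate_state(xml_text, group=GROUP):
    """Return 'enabled', 'disabled', 'unset' or 'missing' for one key set group."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        # Compare the local name so a namespace prefix does not hide the element.
        if el.tag.rsplit("}", 1)[-1] == "keySetGroups" and el.get("name") == group:
            raw = el.get("autoGenerate")
            if raw is None:
                return "unset"
            return "enabled" if raw.strip().lower() == "true" else "disabled"
    return "missing"


def servers_needing_review(configs, group=GROUP):
    """Map server label -> state for every server not explicitly 'disabled'."""
    states = {label: auto_generate_state(xml, group) for label, xml in configs.items()}
    return {label: state for label, state in states.items() if state != "disabled"}


if __name__ == "__main__":
    for label, state in sorted(servers_needing_review(SAMPLE_CONFIGS).items()):
        print(f"{label}: automatic key generation is {state} for {GROUP}")
```

A server reported as unset or missing should be checked in the administrative console, because the file alone does not show which setting is in effect.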