Web SSO unexpectedly stops working between WebSphere 6.1 and Domino based applications

Lotus Domino has been configured for Web Single Sign-On (SSO) with WebSphere Portal or WebSphere Application Server. SSO works correctly for several weeks, but unexpectedly Domino is no longer able to decode the LTPA token from WebSphere.

To avoid problems:

Disable automatic LTPA key generation on all servers of the single sign-on domain using the following steps:

1. Log on to the WebSphere Application Server administrative console.
2. Navigate to Security > Secure administration, applications, and infrastructure.
3. Click Authentication mechanisms and expiration.
4. Click Key generation - Key set groups.
5. Click NodeLTPAKeySetGroup.
6. Disable the Key generation - Automatically generate keys checkbox.
7. Click OK.
8. Click Save to save the changes to the master configuration.

Web SSO unexpectedly stops working between WebSphere 6.1 and Domino based applications

Kenio Carvalho