Published July 7, 2010 by

Web SSO unexpectedly stops working between WebSphere 6.1 and Domino based applications

Lotus Domino has been configured for Web Single Sign-On (SSO) with WebSphere Portal or WebSphere Application Server. SSO works correctly for several weeks, but unexpectedly Domino is no longer able to decode the LTPA token from WebSphere.

To avoid problems:

Disable automatic LTPA key generation on all servers of the single sign-on domain using the following steps:

1. Log on to the WebSphere Application Server administrative console.
2. Navigate to Security > Secure administration, applications, and infrastructure.
3. Click Authentication mechanisms and expiration.
4. Click Key generation - Key set groups.
5. Click NodeLTPAKeySetGroup.
6. Disable the Key generation - Automatically generate keys checkbox.
7. Click OK.
8. Click Save to save the changes to the master configuration.
Kenio Carvalho

Kenio Carvalho