If you are not familiar with SSO and LTPA, check out our getting started article.
If you have two or more WebSphere servers and want an LTPA token obtained from one of them to automatically authenticate you to the others, each WebSphere server will need the same LTPA key.
Create and Export LTPA key
In one of your WebSphere servers, navigate to Security > Global Security > LTPA. Provide a password for the LTPA key and the location and name of the file that will contain the LTPA key and select Export. In this example, "ltpa.key" is the name of the file that contains the LTPA key.
If the export is successful, the following should be displayed, and the key file should now reside on your server.
The exported file is nothing more than a text file that contains the following lines.
#IBM WebSphere Application Server key file
#Tue Sep 03 06:21:30 CDT 2019
com.ibm.websphere.CreationDate=Tue Sep 03 06\:21\:30 CDT 2019
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=mbcyCurh+lcGC852xxBavK1eX8cdHbesNdAES2AeaUE\=
com.ibm.websphere.CreationHost=dmgr.example.com
com.ibm.websphere.ltpa.PrivateKey=DXbx8HooPNeW9U5Vya4LWUHPoBXMlKfd/uHhCdc4sZzKOr5YyxtUH6Q1JqYkM3iQoM3R9QtrTvf5z+FVqa1Dj2gl9CtvqJm6UP5vMNbHhtUEe8hS0jdPImdiUAyJ4svqY9zFOlhz9qGD7dNWxnQTwUC62gx2wgeAehLl3Y05ZTaEZb38JvA6m+xjnFelUwcWF7LNTVuhe3+qzku2jSeP/6ud/RLvQU7aFLgoRuQA4zHF550IyAfhQuMYBguYZCTHjJppv9Lx8/xzQu6kSNENFr102GrfEJ3+rlNh3lBjGChhabL8Cte0BHvbS8pvZ4vs9zc++o/rYwNPG4gGPEZHYX7qd991WjxZprSFmJEgN1Y\=
com.ibm.websphere.ltpa.Realm=defaultRealm
com.ibm.websphere.ltpa.PublicKey=AMxdld/PvJHafIzIngP67yPbakmSdWbph9xALIDbCBDDoI+YyWbxDK4d3CFtPlb2Tt6HXuD1H2JOdtLYidoeedDj32RKybs3p9LYGiJv1tRbZY2w4Dt2FNVOskBXjIJW0qQYD3iGW2eWVcglrcy6k3iVr+uQya8byv+P2TxOjO2/AQAF
Import LTPA key
Now transfer the file that was exported from server "a" to a directory on each of your other WebSphere servers (server "b" in this example). Then, on server "b", at Security > Global Security > LTPA, enter the LTPA key password, enter the path to the file, and select Import key. If the import is successful, the following should be displayed. Select Save.
And that's it. You should now be able to authenticate into server "a" and then automatically be authenticated into the other WebSphere servers for the duration of the LTPA token.
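Before importing, it is worth confirming that the copy on server "b" still carries the same key fields as the export from server "a". The following is an added example, not part of the original article or IBM's tooling: it parses the export format shown above (including the `\:` and `\=` escapes) and compares the key fields by fingerprint so the key material itself is never printed. The function names and sample values are constructed for illustration.

```python
import hashlib
import re

# Key fields of the export format shown above; every server needs the same values.
KEY_FIELDS = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
)

def parse_ltpa_export(text):
    """Parse the properties-style export, undoing the \\: and \\= escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # property names contain no '='
        if sep:
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def fingerprint(value):
    """Truncated SHA-256, so key material never reaches a terminal or log."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:16]

def compare_exports(text_a, text_b):
    """Return {field: (fingerprint_a, fingerprint_b, match)} for the key fields."""
    a, b = parse_ltpa_export(text_a), parse_ltpa_export(text_b)
    report = {}
    for field in KEY_FIELDS:
        va, vb = a.get(field), b.get(field)
        fps = tuple(fingerprint(v) if v else None for v in (va, vb))
        report[field] = fps + (bool(va) and va == vb,)
    return report

# Constructed sample exports with placeholder values (not real key material).
EXPORT_A = r"""#IBM WebSphere Application Server key file
com.ibm.websphere.CreationDate=Tue Sep 03 06\:21\:30 CDT 2019
com.ibm.websphere.ltpa.3DESKey=Q09OU1RSVUNURUQtM0RFUw\=\=
com.ibm.websphere.ltpa.PrivateKey=Q09OU1RSVUNURUQtUFJJVg\=\=
com.ibm.websphere.ltpa.PublicKey=Q09OU1RSVUNURUQtUFVC
"""
# Constructed copy on server "b" whose PrivateKey line was cut short in transfer.
EXPORT_B = EXPORT_A.replace(r"Q09OU1RSVUNURUQtUFJJVg\=\=", "Q09OU1RSVUNU")

if __name__ == "__main__":
    for field, (fp_a, fp_b, ok) in compare_exports(EXPORT_A, EXPORT_B).items():
        print(f"{field}: a={fp_a} b={fp_b} {'OK' if ok else 'MISMATCH'}")
```

In practice, replace the two sample strings with the contents of the exported file and the transferred copy, read from disk on a host permitted to hold them.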