If you are not familiar with SSO and LTPA, check out our getting started article.
If you have two or more WebSphere servers, and you want to obtain an LTPA token from one of them and then use that token to be automatically authenticated to the others, each WebSphere server will need the same LTPA key.
Since LTPA tokens expire (120 minutes is the default), it is important to ensure that each WebSphere server is configured with the correct date and time, which is usually done via Network Time Protocol (NTP). Configuring a server's time is beyond the scope of this article.
Create and Export LTPA key
In one of your WebSphere servers, navigate to Security > Global Security > LTPA. Provide a password for the LTPA key and the location and name of the file that will contain the LTPA key and select Export. In this example, "ltpa.key" is the name of the file that contains the LTPA key.
If the export is successful, the following should be displayed, and the key file should now reside on your server.
Import LTPA key
Now, on your other WebSphere servers, at Security > Global Security > LTPA, enter the LTPA key password, select Import key, and select the file that you exported. Select OK and Save. And that's it. You should now be able to authenticate into server "a" and then automatically be authenticated into the other WebSphere servers for the duration of the LTPA token.
Also, each WebSphere server will need to be configured with an identical realm name. With a federated repository, the default realm name is defaultWIMFileBasedRealm. If you didn't change the realm name, then all of the WebSphere servers should have the same realm name. To verify this, navigate to Security > Global Security > Configure. If you need to change the realm name, the cell (dmgr, nodes, application servers) will need to be restarted for this change to take effect.
With LDAP, the default realm name is the LDAP server hostname and port. Just like a federated repository, you can verify the realm name at Security > Global Security > Configure.
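To confirm that two servers really ended up with the same LTPA key and realm, you can export the key from each and compare the files. The script below is an added example, not part of the original article or of WebSphere. It assumes the export is a Java properties file using the com.ibm.websphere.ltpa.* property names shown, and the sample file contents are constructed.

```python
import hashlib
import re

# Assumed export format: a Java .properties file using these property names.
REALM_FIELD = "com.ibm.websphere.ltpa.Realm"
KEY_FIELDS = ("com.ibm.websphere.ltpa.3DESKey",
              "com.ibm.websphere.ltpa.PrivateKey",
              "com.ibm.websphere.ltpa.PublicKey")

def parse_key_file(text):
    """Parse .properties text into a dict, undoing backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        name, sep, value = line.partition("=")
        if sep:
            props[name.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def fingerprint(props):
    """Realm plus a truncated SHA-256 per key field, so no key material is shown."""
    fp = {"realm": props.get(REALM_FIELD)}
    for field in KEY_FIELDS:
        value = props.get(field)
        fp[field] = hashlib.sha256(value.encode()).hexdigest()[:16] if value else None
    return fp

def compare(reference, other):
    """Return the fields that are missing or differ between two key files."""
    a, b = fingerprint(parse_key_file(reference)), fingerprint(parse_key_file(other))
    return [name for name in a if a[name] is None or a[name] != b[name]]

# Constructed sample files; the key values are placeholders, not real keys.
SERVER_A = r"""#constructed sample key file
com.ibm.websphere.CreationHost=server-a
com.ibm.websphere.ltpa.3DESKey=c2FtcGxlLTNkZXM\=
com.ibm.websphere.ltpa.PrivateKey=c2FtcGxlLXByaXZhdGU\=
com.ibm.websphere.ltpa.PublicKey=c2FtcGxlLXB1YmxpYw\=\=
com.ibm.websphere.ltpa.Realm=defaultWIMFileBasedRealm
"""
SERVER_B = SERVER_A.replace("server-a", "server-b")  # same key, imported elsewhere
SERVER_C = SERVER_A.replace("c2FtcGxlLTNkZXM", "b3RoZXItM2Rlcw").replace(
    "defaultWIMFileBasedRealm", r"ldap.example.com\:389")

if __name__ == "__main__":
    for label, text in (("server-b", SERVER_B), ("server-c", SERVER_C)):
        print(label, compare(SERVER_A, text) or "matches server-a")
```

The exported file holds the keys that sign every SSO token, so keep it and its password off shared locations and delete working copies once the comparison is done.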