WebSphere Issues

09/03/2011

Configure SSO between different servers/cells

Filed under: WAS, WebSphere Portal — Ishtiaque @ 8:51 pm

Prerequisites for SSO configuration:

1. The servers/cells use the same LDAP directory for authentication.

2. The servers/cells specify the same domain name (for example, .example.com) for all the single sign-on hosts.

3. The clocks of the cells/servers must be synchronized, and they should use the same time zone.

Configure SSO:

1. Enable SSO and enter the domain (e.g. .example.com) on all participating servers/cells by navigating to Security > Secure administration, applications, and infrastructure > single sign-on (SSO).

2. Export the LTPA key from the server that will be accessed first and so acts as the base (for example, WebSphere Portal when it fronts Lotus Domino email) by navigating to Security > Secure administration, applications, and infrastructure > Authentication mechanisms and expiration.

3. Import the LTPA key onto all other participating servers/cells, such as Domino.

4. Restart all participating servers including nodeagent and dmgr.

References:

-> http://www-10.lotus.com/ldd/portalwiki.nsf/dx/Setting_up_single_sign-on_for_WebSphere_Application_Server

-> http://www.ibm.com/developerworks/lotus/library/sso1/

-> http://www.ibm.com/developerworks/lotus/documentation/domino/d-ls-sso-portal-domino/

-> http://www.ibm.com/developerworks/lotus/documentation/domino/d-ls-sso-portal-domino2/

-> http://www.ibm.com/developerworks/lotus/documentation/domino/d-ls-sso-portal-domino3/

-> http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp?topic=/com.ibm.lotus.quickr.admin.wpv81.doc/ecm/ic_ecm_c_prereq_sso.html

Decrypt LTPA cookie

Filed under: WAS, WebSphere Portal — Ishtiaque @ 8:20 pm

1. Download the Java files Base64.java and LtpaUtils.java from the first link given under References.

2. Export the LTPA key.

3. Copy the 3DESKey value from the exported key file and paste it into LtpaUtils.java.

4. Remove the “\” backslash characters from it.

5. Also type into LtpaUtils.java the password that you entered while exporting the key.

6. Run the program, providing the LTPA cookie as the argument.

 

References:

-> https://github.com/offbytwo/samples/tree/master/LTPAUtils

-> http://vivekagarwal.wordpress.com/2008/07/15/need-to-decode-webspheredomino-ltpa-token-for-sso/

 

 

03/03/2011

Decode/Decrypt WebSphere J2C authentication passwords using WebSphere PasswordDecoder utility

Filed under: WAS, WebSphere Portal — Ishtiaque @ 6:43 pm

1. Search for the tag “<authDataEntries” and the corresponding XOR-encoded password in the file /wp_profile/config/cells/node1/security.xml

2. Change directory to C:/IBM/WebSphere/AppServer/lib

3. Run the command:

C:/IBM/WebSphere/AppServer/java/bin/java -cp ffdc.jar;bootstrap.jar;emf.jar;securityimpl.jar;iwsorb.jar;ras.jar;wsexception.jar com.ibm.ws.security.util.PasswordDecoder {xor}LDo8LTor

Note: The above command must be run in WAS 6, and it can decode only passwords that are encoded with XOR.
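Added example (not from the original post and not IBM code): a short Python audit that lists which J2C authentication entries are stored in the reversible {xor} form, which is Base64 over bytes XORed with "_" (0x5F) and uses no key. The XML below is a constructed, simplified stand-in for security.xml; the function names and the "{other}" tag are assumptions made for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

XOR_KEY = 0x5F  # "_": the fixed byte used by the {xor} encoding

# Constructed, simplified stand-in for security.xml (not a real profile).
SAMPLE_SECURITY_XML = """<Security>
  <authDataEntries alias="node1/appdb" userId="dbuser" password="{xor}LDo8LTor"/>
  <authDataEntries alias="node1/mq" userId="mquser" password="{other}ZXhhbXBsZQ=="/>
  <authDataEntries alias="node1/legacy" userId="old" password="plaintext-pw"/>
  <authDataEntries alias="node1/broken" userId="x" password="{xor}not*base64"/>
</Security>"""


def decode_xor(value):
    """Reverse {xor}: Base64-decode, then XOR every byte with '_'."""
    if not value.startswith("{xor}"):
        raise ValueError("not an {xor}-encoded value")
    raw = base64.b64decode(value[len("{xor}"):], validate=True)
    return bytes(b ^ XOR_KEY for b in raw).decode("utf-8")


def audit_auth_entries(xml_text):
    """Return (alias, userId, status) for every authDataEntries element."""
    findings = []
    for entry in ET.fromstring(xml_text).iter("authDataEntries"):
        pw = entry.get("password", "")
        if pw.startswith("{xor}"):
            try:
                decode_xor(pw)  # recoverable by anyone who can read the file
                status = "reversible-xor"
            except (binascii.Error, UnicodeDecodeError):
                status = "malformed-xor"
        elif pw.startswith("{"):
            status = "other-encoding"  # tag present but not {xor}
        else:
            status = "plaintext"
        findings.append((entry.get("alias"), entry.get("userId"), status))
    return findings


if __name__ == "__main__":
    for alias, user, status in audit_auth_entries(SAMPLE_SECURITY_XML):
        print(f"{alias:14} {user:8} {status}")
```

Every entry reported as reversible-xor or plaintext is protected only by the file permissions on security.xml and on any backup or repository copy of the profile.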
