Error Importing WebSphere LTPA Keys. Check File Path and Password
Technote (troubleshooting)

Problem

In Lotus Notes, there is currently no debug or detailed information on errors when a failure occurs while importing a WebSphere LTPA key into a Domino SSO Configuration document. Currently, the Notes client outputs a simple message box error:

This message does not provide enough information to determine whether the problem is with the password or the path.

Resolving the problem

Update the Notes client Notes.ini file with the parameter debug_ltpa_key_import=1. This setting writes additional information about the import of the WebSphere Application Server (WAS) key to the Notes client console log.

Successful import of WAS key:

01/14/2009 03:35:48.33 PM [1208:0002-1274] LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\lotus\waskeys
01/14/2009 03:35:48.34 PM [1208:0002-1274] LtpaImportWSKeyFile> Successfully read file to memory
01/14/2009 03:35:48.34 PM [1208:0002-1274] LtpaImportWSKeyFile> Successfully imported WebSphere LTPA keys from file

Bad password given for WAS key:

01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\lotus\waskeys
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaImportWSKeyFile> Successfully read file to memory
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaDecryptKey> Error as decrypted key has invalid padding
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaEncodeData1> Error processing, phase 2
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaImportWSKeyFile> Error processing key file contents, phase 3

Invalid or nonexistent path specified:

01/14/2009 03:36:58.32 PM [1208:0002-1274] LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\waskeys
01/14/2009 03:36:58.32 PM [1208:0002-1274] LtpaImportWSKeyFile> Failed to open file at path c:\waskeys for reading

Document information

More support for: IBM Domino Single Sign-on (SSO)
Software version: 8.5
Operating system(s): Windows
Reference #: 1366518
Modified date: 2009-07-01
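Triage of the console output quoted in the technote above, as an added example (not part of the technote or of any IBM tooling): it groups debug_ltpa_key_import lines into import attempts and labels each one as success, bad password or bad path. The function name and outcome labels are assumptions; the matched message strings and the sample lines are the ones quoted in the technote.

```python
import re

# "<date> <time> <AM|PM> [<process:thread>] <Routine>> <message>", as in the technote
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{2} [AP]M) "
    r"\[[0-9A-Fa-f:-]+\] (?P<routine>Ltpa\w+)> (?P<msg>.*)$"
)
START = "Importing WebSphere LTPA keys from file at path "

def classify_attempts(lines):
    """Group console lines into import attempts and label each outcome."""
    attempts, current = [], None
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated console output
        msg = m["msg"]
        if m["routine"] == "LtpaImportWSKeyFile" and msg.startswith(START):
            current = {"started": m["ts"], "path": msg[len(START):],
                       "outcome": "incomplete"}
            attempts.append(current)
        elif current is None:
            continue  # LTPA line with no preceding start line
        elif msg.startswith("Successfully imported"):
            current["outcome"] = "success"
        elif "invalid padding" in msg:
            current["outcome"] = "bad_password"  # key did not decrypt cleanly
        elif msg.startswith("Failed to open file"):
            current["outcome"] = "bad_path"
        elif msg.startswith("Error") and current["outcome"] == "incomplete":
            current["outcome"] = "other_error"  # assumption: any other Error line
    return attempts

# The three sequences quoted in the technote.
SAMPLE = r"""
01/14/2009 03:35:48.33 PM [1208:0002-1274] LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\lotus\waskeys
01/14/2009 03:35:48.34 PM [1208:0002-1274] LtpaImportWSKeyFile> Successfully read file to memory
01/14/2009 03:35:48.34 PM [1208:0002-1274] LtpaImportWSKeyFile> Successfully imported WebSphere LTPA keys from file
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\lotus\waskeys
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaImportWSKeyFile> Successfully read file to memory
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaDecryptKey> Error as decrypted key has invalid padding
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaEncodeData1> Error processing, phase 2
01/14/2009 03:36:29.81 PM [1208:0002-1274] LtpaImportWSKeyFile> Error processing key file contents, phase 3
01/14/2009 03:36:58.32 PM [1208:0002-1274] LtpaImportWSKeyFile> Importing WebSphere LTPA keys from file at path c:\waskeys
01/14/2009 03:36:58.32 PM [1208:0002-1274] LtpaImportWSKeyFile> Failed to open file at path c:\waskeys for reading
""".splitlines()
if __name__ == "__main__":
    for a in classify_attempts(SAMPLE):
        print(a["started"], a["path"], a["outcome"])
```
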
is a repository of the stuff that I learn, play with, enjoy and want to share. If you follow one of my tips, your mileage MAY well vary - Here be dragons :-)

Thursday, 25 October 2012

Lotus Domino - For a change
http://portal2portal.blogspot.com/2012/10/lotus-domino-for-change.html

This article outlines a couple of potentially useful tips for Lotus Domino administrators. Whilst helping a friend debug a problem with the import of a WebSphere LTPA token into Domino, I "discovered" two useful (to me) things: -

Remote Console

Firstly, when running a remote Domino server, it's nice to be able to access the console at your desktop, rather than needing to walk across the floor to the server. In my case, the Domino server is running on a Red Hat Enterprise Linux 6.3 VMware image on my Lenovo Thinkpad ( which is running Ubuntu 12.04 ) on my desk in Hursley - which is about 25 miles from where I'm sitting.

Now there are various ways to get access to the Domino console ( especially when the server is running on Linux ), not least of which is to start the server within a terminal session: -

$ ssh root@wp7.uk.ibm.com
$ /local/notesdata/DomShrct.sh

or: -

$ ssh notes@wp7.uk.ibm.com
$ cd /local/notesdata
$ /opt/ibm/lotus/bin/server

So, here's a third way to get the console working, in a GUI :-) This requires an X11 tunnel to be created between the client PC ( on which the X11 server actually runs !! ) and the target server.
$ ssh -X notes@wp7.uk.ibm.com
$ cd /local/notesdata
$ /opt/ibm/lotus/bin/server -jc

The -jc option is the thing that starts the Java Console, which is then tunnelled back from the server to the client, and the command returns: -

Domino Server Controller started at 25/10/12 12:18.
Host name is localhost/127.0.0.1
Listening for connect requests on TCP Port:2050
Domino Console started at 25/10/12 12:18.
localAdmin connected from localhost/127.0.0.1 at 25/10/12 12:19.

etc.

More importantly, an X11 window pops up with the console contained within.

Along with the File menu shown above, there's also some useful functionality on the Edit menu: - and the View menu: -

So you now have another choice for the Domino console, along with the terminal and the nice-but-limited Web Administrator ( http://wp7.uk.ibm.com/webadmin.nsf ).

LTPA Token Import Debugging

As per this IBM Technote: - Debug for Error importing WebSphere LTPA
participating in the single sign-on domain, is encrypted for participating servers and administrators, and contains a shared secret key used by servers for verifying user credentials.

To create a Web SSO configuration document if you are using Internet Sites

You should have already created a Web Site document, and enabled the use of Internet Site documents in the Server document. Be sure that your client location document has the home/mail server set to a server in the same domain as the servers participating in SSO. This ensures that all public keys for participating servers can be found when the SSO document is encrypted.

1. In the Domino Administrator, click Files, and open the server's Address Book (NAMES.NSF).
2. Select the Internet Sites view.
3. Click Create Web SSO Configuration.
4. In the document, click Keys.
5. Initialize the Web SSO Configuration with the shared secret key in one of two ways:
   - Choose Domino only (no IBM® WebSphere® servers participating in single sign-on), and then select "Create Domino SSO Key."
   - Choose Domino and WebSphere (single sign-on with WebSphere), and then do the following:
     - Select "Import WebSphere LTPA Keys."
     - Browse and select the WebSphere LTPA export file. (See WebSphere documentation for details about generating ltpatoken keys.)
     - Enter the password (specified when exporting the keys from WebSphere).
     The document is updated to reflect the information in the export file.
6. Complete the rest of the document as follows:

Field: Configuration Name
Action: Enter the name of the SSO configuration.
Notes: If you create multiple Web SSO Configuration documents, be sure to give each document a unique name. Web SSO documents are located by name and if multiple documents have the same name, the SSO configurations won't work well. However, creating multiple SSO documents can only work under limited circumstances. Multiple SSO documents are not recognized by all protocols. In particular, SSO involving Java™ agents and other components using the local Java back-end classes will not function if a name other than the default LtpaToken is used. If the single sign-on configuration is a mixed-release configuration that includes Release 5.0x servers, the Configuration Name must be LtpaToken, as Release 5.0x servers only work with this configuration name.

Field: Organization Name
Action: (Required) Enter the name of the organization. This must match the organization name for the corresponding Web site. The SSO document will then appear in the Internet sites view, along with the Web Sites documents.

Field: DNS Domain
Action: (Required) Enter the DNS domain (for example -- .acme.com) for which the toke