Thursday, August 02, 2007

Configuring SSO with LTPA

I had just wasted a few hours of my life because of some careless mistake made by our computer engineers.
I was tasked to configure single sign-on for two servers, a WebSphere Application Server v6 and a WebSphere Portal Server v6. I configured my application server to use the same LDAP configuration as the portal, then exported the LTPA key from WebSphere Portal and imported it into WAS.
I thought it would work. But it didn't. I thought I had configured it wrongly, so I tweaked things here and there. I tried every single thing I could imagine. I was also careless, as I forgot to consult the log files. I just thought the LTPA token was not propagated properly.
I finally remembered to read the logs and found the following.
[8/2/07 21:55:35:047 PDT] 0000001d LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu Aug 02 08:54:41 PDT 2007, current Date: Thu Aug 02 21:55:35 PDT 2007.
Finally I checked the server date and time settings. Guess what I found. The Portal server is just beginning to wake up at 6 in the morning. The WAS has the same time as my machine, 9:55 p.m., but it is somewhere in the US. The engineer who set up the server didn't change the regional settings back to my country and it is still following the US timezone.
I wonder who I should be screaming at when this type of thing happens. I guess this is what happens when you are not surrounded by geniuses.
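The check that would have saved those hours, as an added example (not code from the original post): parse the SECJ0371W line and measure how long the token had already been expired by the validating server's clock. The function names and the 120-minute token lifetime are assumptions; use the LTPA timeout configured on your servers.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the SECJ0371W line quoted in the post.
SAMPLE = ("[8/2/07 21:55:35:047 PDT] 0000001d LTPAServerObj W SECJ0371W: "
          "Validation of the LTPA token failed because the token expired with "
          "the following info: Token expiration Date: Thu Aug 02 08:54:41 PDT 2007, "
          "current Date: Thu Aug 02 21:55:35 PDT 2007.")

# Java Date.toString() layout: "Thu Aug 02 08:54:41 PDT 2007"
_DATE = r"(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2}) (\w+) (\d{4})"
_PATTERN = re.compile(r"SECJ0371W:.*?Token expiration Date: " + _DATE +
                      r", current Date: " + _DATE)

# Assumption: token lifetime of 120 minutes; replace with the configured value.
ASSUMED_LIFETIME = timedelta(minutes=120)


def _parse(stamp, year):
    # The zone abbreviation is left out because strptime's %Z does not
    # reliably parse names such as "PDT"; both dates share one zone anyway.
    return datetime.strptime(f"{stamp} {year}", "%a %b %d %H:%M:%S %Y")


def expiry_gap(line):
    """Time between token expiry and the validator's 'current Date', or None."""
    m = _PATTERN.search(line)
    if not m:
        return None
    exp_stamp, exp_tz, exp_year, now_stamp, now_tz, now_year = m.groups()
    if exp_tz != now_tz:
        raise ValueError("dates use different zones; cannot compare naively")
    return _parse(now_stamp, now_year) - _parse(exp_stamp, exp_year)


def suspect_clock_mismatch(line, lifetime=ASSUMED_LIFETIME):
    """True when the token had been expired longer than it was ever valid.

    For a token issued moments earlier by the other server, that can only
    mean the two servers disagree about the current time.
    """
    gap = expiry_gap(line)
    return gap is not None and gap > lifetime


if __name__ == "__main__":
    print("expired for:", expiry_gap(SAMPLE))
    print("compare server clocks:", suspect_clock_mismatch(SAMPLE))
```

A gap of this size on a token from a login made seconds earlier points at the servers' date, time and timezone settings rather than at the LTPA key exchange.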