Parameter:
DEBUG_LTPAShort description: Enables detailed tracing for LTPA token processing (Single Sign-On with WebSphere/Sametime/Connections).
Profile
Parameter | DEBUG_LTPA |
Category | Logging / Debug |
Component | Server |
Available since | 9.0.1 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | notes.ini only (no GUI) |
Possible values | 0 = off (default), 1 = on |
Description
LTPA tokens (Lightweight Third Party Authentication) are used for Single Sign-On between Domino and, for example, WebSphere, Sametime, or HCL Connections.
DEBUG_LTPA=1 turns on detailed trace output around the creation, validation, and expiration of LTPA tokens – including key lookups in domcfg.nsf or the Web SSO configuration document, realm and domain checks, and cookie processing.Indispensable for diagnosing SSO problems such as user lands on the login form despite an LTPA cookie, token is not accepted, realm mismatch, or token expires earlier than expected.
Example configuration
DEBUG_LTPA=1 Debug_Outfile=/local/notesdata/IBM_TECHNICAL_SUPPORT/ltpa_debug.log
Notes & pitfalls
- LTPA cookies contain sensitive information – handle logs securely.
- Takes effect immediately via
set config DEBUG_LTPA=1; a server restart is not strictly required.
- Entries appear in
console.logand inDebug_Outfile.
- Complementary to
DEBUG_HTTPINOUT, Web SSO configuration documents,DEBUG_OIDCLOGIN.
- For realm/domain conflicts, additionally use
tell http show config,tell http show wsso.