If you are trying to set-up LTPA SSO between the WebSeal reverse proxy controlled by TAM and WebSphere Portal, check this technote: http://www-1.ibm.com/support/docview.wss?uid=swg21198736
What are they trying to say in above article, is that if you use 'WPSConfig enable-security-wmmur-ldap', you'd better be aware that LTPA keys exported from Portal's WAS in order to be imported in other places (Domino, WebSeal, whatever) needs a modification:
from com.ibm.websphere.ltpa.Realm=null to com.ibm.websphere.ltpa.Realm=WMMRealm
If you want to change this permanently, then follow the article to set that property to WMMRealm for good, so that other exports of LTPA keys from WAS would keep it in the file.
If we're on the subject, be aware as well that accessing WebSphere Portal through WebSeal is done via:
instead of the default Portal url:
Once you get through WebSeal, you need to access the private place of the Portal, which is /myportal, by default. If you are accessing /portal, you're prompted for login, even though you're already authenticated.