Bootstrap FreeKB - IBM WebSphere - Single Sign On (SSO) and Lightweight Third Party Authentication (LTPA) - Timeout
IBM WebSphere - Single Sign On (SSO) and Lightweight Third Party Authentication (LTPA) - Timeout
Updated:   |  IBM WebSphere articles

If you are not familiar with SSO and LTPA, check out our getting started article.

By default, the LTPA timeout is 120 minutes. If you change the timeout, the cell (dmgr, nodes, application servers) will need to be restarted for this change to take effect.

 

Likewise, the /opt/WebSphere/AppServer/profiles/your_profile/config/cells/your_cell/security.xml file should contain a line like this.

<authMechanisms 
xmi:type="security:LTPA" 
xmi:id="LTPA_1" 
OID="oid:1.3.18.0.2.30.2" 
authContextImplClass="com.ibm.ISecurityLocalObjectTokenBaseImpl.WSSecurityContextLTPAImpl" 
authConfig="system.LTPA" 
simpleAuthConfig="system.LTPA" 
authValidationConfig="system.LTPA" 
timeout="120" 
keySetGroup="KeySetGroup_1">

 

When the LTPA token expires, the following event will be found in the SystemOut.log or HPEL log.

SECJ0371W: Validation of the LTPA token failed because the token expired with the following info:
Token expiration: Sun Nov 11 06:51:00 CST 2018
current Date: Sun Nov 11 20:12:40 CST 2019
Token attributes: username=user:defaultRealm/uid=root,o=defaultWIFFileBasedRealm

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 3530f4 in the box below so that we can be sure you are a human.