Topic
7 replies Latest Post - ‏2014-01-09T00:07:48Z by swkim90049
swkim90049
swkim90049
206 Posts
ACCEPTED ANSWER

Pinned topic Users get kicked out or timed out from Maximo while actively working.

‏2013-10-14T17:01:21Z |

http://www-01.ibm.com/support/docview.wss?uid=swg21642404

Our users are getting kicked out of Maximo 7.5 (WebSphere 7.0) after two hours. The SSO token on WebSphere defaults to two hours. They say, the token is not renewed every time there is activity on Maximo. So, my initial thought was to extend the LTPA token to something like 9 hours instead of 2 hours to anticipate Maximo usage for a full day. Are there any downsides or security concerns with this? I know Maximo has its own session time on the application side which would expire much sooner than 9 hours.

 

[10/10/13 10:59:00:218 PDT] 00000185 LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu Oct 10 10:59:00 PDT 2013, current Date: Thu Oct 10 10:59:00 PDT 2013.
[10/10/13 10:59:00:220 PDT] 00000185 LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu Oct 10 10:59:00 PDT 2013, current Date: Thu Oct 10 10:59:00 PDT 2013.
[10/10/13 10:59:00:221 PDT] 00000185 LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu Oct 10 10:59:00 PDT 2013, current Date: Thu Oct 10 10:59:00 PDT 2013.
 
Updated on 2013-10-14T17:05:19Z at 2013-10-14T17:05:19Z by swkim90049
  • bgbaird
    bgbaird
    167 Posts
    ACCEPTED ANSWER

    Re: Users get kicked out or timed out from Maximo while actively working.

    ‏2013-10-14T18:54:48Z  in response to swkim90049

    You can define a property on the JVM settings to build a cushion on the way WAS manages the tokens.  It might work.

     

    http://www-01.ibm.com/support/docview.wss?uid=swg21320747

     

    Brian

    Updated on 2013-10-14T18:55:05Z at 2013-10-14T18:55:05Z by bgbaird
    • swkim90049
      swkim90049
      206 Posts
      ACCEPTED ANSWER

      Re: Users get kicked out or timed out from Maximo while actively working.

      ‏2013-10-14T20:38:20Z  in response to bgbaird

      I will give com.ibm.ws.security.cacheCushionMax a try.

      Do you know if this custom property requires a restart of MXServer?

      cacheCushionMax seems like a good balance between having to update the token every time vs renewing a new token when it is about to expire.

      bgbaird - I haven't said it before, but it is good to see your presence and quality answers on this forum! :)

       

      http://www.ibm.com/developerworks/websphere/techjournal/1003_botzum/1003_botzum.html#sec2c

       

       

      • This reply was deleted by swkim90049 2013-10-21T15:19:16Z.
  • maximo62
    maximo62
    47 Posts
    ACCEPTED ANSWER

    Re: Users get kicked out or timed out from Maximo while actively working.

    ‏2013-10-20T05:27:00Z  in response to swkim90049

    Hello swkim,

     

    Your  issue  is  resolved.

     

    What value you set for LTPA timeout & cacheCushionMax.

     

    we are also getting same problem.

    We implemented LDAP recently but  even before its  implementation we have this issue.

     

    we have two phyical server with separate websphere application servers installation using DNS round robin  for serving users.

     

    Maximo 7.5.03

    Websphere 7.0.0.15

     

     

  • bgbaird
    bgbaird
    167 Posts
    ACCEPTED ANSWER

    Re: Users get kicked out or timed out from Maximo while actively working.

    ‏2013-10-21T15:15:54Z  in response to swkim90049

    Kim, so this did fix it?

     

    Brian

    • swkim90049
      swkim90049
      206 Posts
      ACCEPTED ANSWER

      Re: Users get kicked out or timed out from Maximo while actively working.

      ‏2013-10-22T22:52:10Z  in response to bgbaird

      We have to schedule a change for this and it will take a few weeks. 

      I want to extend the LTPA token to 10 hours instead...

      http://www-01.ibm.com/support/docview.wss?uid=swg21642404

      I am concerned the cacheCushionMax may not work.

      • bbalwani
        bbalwani
        15 Posts
        ACCEPTED ANSWER

        Re: Users get kicked out or timed out from Maximo while actively working.

        ‏2013-12-24T10:29:16Z  in response to swkim90049

        Hi swkim90049 will you let me know you cofigure sso with maximo 7.5 and how Ltpa token you created.

        • swkim90049
          swkim90049
          206 Posts
          ACCEPTED ANSWER

          Re: Users get kicked out or timed out from Maximo while actively working.

          ‏2014-01-09T00:07:48Z  in response to bbalwani

          We extended our LTPA token to 10 hours. That worked. I do no tknow about cacheCushionMax.