Topic
  • 7 replies
  • Latest Post - ‏2014-01-09T00:07:48Z by swkim90049
swkim90049
swkim90049
291 Posts

Pinned topic Users get kicked out or timed out from Maximo while actively working.

‏2013-10-14T17:01:21Z |

http://www-01.ibm.com/support/docview.wss?uid=swg21642404

Our users are getting kicked out of Maximo 7.5 (WebSphere 7.0) after two hours. The SSO token on WebSphere defaults to two hours. They say, the token is not renewed every time there is activity on Maximo. So, my initial thought was to extend the LTPA token to something like 9 hours instead of 2 hours to anticipate Maximo usage for a full day. Are there any downsides or security concerns with this? I know Maximo has its own session time on the application side which would expire much sooner than 9 hours.

 

[10/10/13 10:59:00:218 PDT] 00000185 LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu Oct 10 10:59:00 PDT 2013, current Date: Thu Oct 10 10:59:00 PDT 2013.
[10/10/13 10:59:00:220 PDT] 00000185 LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu Oct 10 10:59:00 PDT 2013, current Date: Thu Oct 10 10:59:00 PDT 2013.
[10/10/13 10:59:00:221 PDT] 00000185 LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Thu Oct 10 10:59:00 PDT 2013, current Date: Thu Oct 10 10:59:00 PDT 2013.
 
Updated on 2013-10-14T17:05:19Z at 2013-10-14T17:05:19Z by swkim90049
  • bgbaird
    bgbaird
    253 Posts

    Re: Users get kicked out or timed out from Maximo while actively working.

    ‏2013-10-14T18:54:48Z  

    You can define a property on the JVM settings to build a cushion on the way WAS manages the tokens.  It might work.

     

    http://www-01.ibm.com/support/docview.wss?uid=swg21320747

     

    Brian

    Updated on 2013-10-14T18:55:05Z at 2013-10-14T18:55:05Z by bgbaird
  • swkim90049
    swkim90049
    291 Posts

    Re: Users get kicked out or timed out from Maximo while actively working.

    ‏2013-10-14T20:38:20Z  
    • bgbaird
    • ‏2013-10-14T18:54:48Z

    You can define a property on the JVM settings to build a cushion on the way WAS manages the tokens.  It might work.

     

    http://www-01.ibm.com/support/docview.wss?uid=swg21320747

     

    Brian

    I will give com.ibm.ws.security.cacheCushionMax a try.

    Do you know if this custom property requires a restart of MXServer?

    cacheCushionMax seems like a good balance between having to update the token every time vs renewing a new token when it is about to expire.

    bgbaird - I haven't said it before, but it is good to see your presence and quality answers on this forum! :)

     

    http://www.ibm.com/developerworks/websphere/techjournal/1003_botzum/1003_botzum.html#sec2c

     

     

  • maximo62
    maximo62
    53 Posts

    Re: Users get kicked out or timed out from Maximo while actively working.

    ‏2013-10-20T05:27:00Z  

    Hello swkim,

     

    Your  issue  is  resolved.

     

    What value you set for LTPA timeout & cacheCushionMax.

     

    we are also getting same problem.

    We implemented LDAP recently but  even before its  implementation we have this issue.

     

    we have two phyical server with separate websphere application servers installation using DNS round robin  for serving users.

     

    Maximo 7.5.03

    Websphere 7.0.0.15

     

     

  • bgbaird
    bgbaird
    253 Posts

    Re: Users get kicked out or timed out from Maximo while actively working.

    ‏2013-10-21T15:15:54Z  

    Kim, so this did fix it?

     

    Brian

  • swkim90049
    swkim90049
    291 Posts

    Re: Users get kicked out or timed out from Maximo while actively working.

    ‏2013-10-22T22:52:10Z  
    • bgbaird
    • ‏2013-10-21T15:15:54Z

    Kim, so this did fix it?

     

    Brian

    We have to schedule a change for this and it will take a few weeks. 

    I want to extend the LTPA token to 10 hours instead...

    http://www-01.ibm.com/support/docview.wss?uid=swg21642404

    I am concerned the cacheCushionMax may not work.

  • bbalwani
    bbalwani
    15 Posts

    Re: Users get kicked out or timed out from Maximo while actively working.

    ‏2013-12-24T10:29:16Z  

    We have to schedule a change for this and it will take a few weeks. 

    I want to extend the LTPA token to 10 hours instead...

    http://www-01.ibm.com/support/docview.wss?uid=swg21642404

    I am concerned the cacheCushionMax may not work.

    Hi swkim90049 will you let me know you cofigure sso with maximo 7.5 and how Ltpa token you created.

  • swkim90049
    swkim90049
    291 Posts

    Re: Users get kicked out or timed out from Maximo while actively working.

    ‏2014-01-09T00:07:48Z  
    • bbalwani
    • ‏2013-12-24T10:29:16Z

    Hi swkim90049 will you let me know you cofigure sso with maximo 7.5 and how Ltpa token you created.

    We extended our LTPA token to 10 hours. That worked.

    Please see the attached screenshot for navigation on setting LTPA timeout to 600 minutes (or 10 hours) in WebSphere 7.x

     

    I did not try tweaking the cacheCushionMax setting.

    Attachments

    Updated on 2014-08-21T15:49:51Z at 2014-08-21T15:49:51Z by swkim90049