Setting the session idle time limits for Platform UI (Zen)
You can adjust the session time limit for users of Zen in accordance with your security and compliance requirements. If a user leaves a session idle in a web browser for the specified length of time, the user is automatically logged out.
About this task
By default, Cloud Pak for Business Automation logs out any user after 12 hours. You can edit the product-configmap of the Zen service to adjust the values of the following parameters.
TOKEN_EXPIRY_TIME
The TOKEN_EXPIRY_TIME parameter determines the length of time for a session to expire. The default is 12 hours. If you set TOKEN_EXPIRY_TIME: "1", a session expires after 1 hour of inactivity. If you set TOKEN_EXPIRY_TIME: "0.5", a session expires after 30 minutes of inactivity. When the user leaves a session idle for the specified length of time, the user is automatically logged out.
Set the value between 0.1 (6 minutes) and 1 (60 minutes) for the time that a session can be idle.
TOKEN_REFRESH_PERIOD
The TOKEN_REFRESH_PERIOD parameter determines the length of time after which a user must refresh a session. The default is 12 hours. If you set TOKEN_REFRESH_PERIOD: "1" and the session does not expire, the session is automatically refreshed during the 60 minutes. The session is extended based on the value that is set for the TOKEN_EXPIRY_TIME parameter. However, after the token refresh period passes, the user must log back into the web client when the current session expires.
Set the value between 1 and 24 hours for the maximum inactive time to refresh the tokens.
If you do not want to allow users to extend sessions, set the value of the TOKEN_REFRESH_PERIOD parameter to a value less than the value of the TOKEN_EXPIRY_TIME parameter.
If you set the TOKEN_EXPIRY_TIME shorter than the TOKEN_REFRESH_PERIOD, a user who logs in to a web client must be active within the time that is specified for their token to be refreshed.
For example, suppose that a user starts a web client at 8:00 AM when the following parameter values are set.
TOKEN_EXPIRY_TIME: "0.5"
TOKEN_REFRESH_PERIOD: "2"
- If the user stops working in the web client at 8:10 AM and then attempts to use the web client again at 8:41 AM, the user must re-authenticate.
- If the user remains active in the session for 2 hours, the token refreshes at 9:59 AM, and the session does not expire until 10:29 AM. If the session expires at 10:29 AM, the user must then re-authenticate in the web client because the token refresh period expired.
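The timeline in this example can be reproduced with a small model. The following Python code is an added illustration, not part of the product or its documentation. The names reauth_time and at are hypothetical, and the refresh rule is an assumption inferred from the two cases above. It covers only configurations where TOKEN_EXPIRY_TIME is not longer than TOKEN_REFRESH_PERIOD.

```python
from datetime import datetime, timedelta

def reauth_time(login, activity, expiry_hours, refresh_hours):
    """Return the time at which the user must log in again.

    Assumed model, inferred from the example above (not Zen's code):
    activity earlier than login + TOKEN_REFRESH_PERIOD moves the expiry
    to activity + TOKEN_EXPIRY_TIME; later activity no longer extends it.
    """
    if expiry_hours <= 0 or refresh_hours < expiry_hours:
        raise ValueError("only 0 < TOKEN_EXPIRY_TIME <= TOKEN_REFRESH_PERIOD is modelled")
    expiry = timedelta(hours=expiry_hours)
    refresh_deadline = login + timedelta(hours=refresh_hours)
    expires_at = login + expiry
    for t in sorted(activity):
        if t >= expires_at:
            break                      # idle too long: already logged out
        if t < refresh_deadline:
            expires_at = t + expiry    # token refreshed, session extended
    return expires_at

def at(hhmm):
    """Constructed sample clock time on an arbitrary date."""
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")

if __name__ == "__main__":
    login = at("08:00")
    # Case 1: last activity at 8:10 AM, then idle.
    print(reauth_time(login, [at("08:10")], 0.5, 2).time())
    # Case 2: one request per minute (constructed) from 8:01 AM to 10:28 AM.
    busy = [login + timedelta(minutes=m) for m in range(1, 149)]
    print(reauth_time(login, busy, 0.5, 2).time())
```

Running the same function with candidate values before you edit the product-configmap shows the longest session that a continuously active user can hold under this model.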