To increase application security and ensure that AppPoints are promptly returned when
users close their browsers or tabs without first logging out, you can configure user authentication
session behavior. You configure user authentication session behavior by changing the expiration times
for the access and refresh tokens in the custom resource (CR) file for Maximo® Application Suite.
About this task
In Maximo Application Suite 8.10, the default expiration time is
changed to 30 minutes for the access token and 12 hours for the refresh token.
The expiration time change works only if your applications are running the following versions:
- Maximo Assist 8.6 and later
- Maximo Health 8.5 and later
- Maximo Manage 8.5 and later
- Maximo Monitor 8.9 and later
- Maximo Optimizer 8.3 and later
- Maximo Visual Inspection 8.7 and later
- IoT 8.6 and later
Note: You cannot change the expiration time in earlier versions of these applications.
In Maximo Application Suite 8.9, the default expiration time was 12 hours for the
access token and 1 week for the refresh token. If you want to revert to these expiration time values,
complete the following steps.
Procedure
- In the Red Hat® OpenShift® Container Platform console, in the Administration section, select
  Custom Resource Definitions.
- In the CustomResourcesDefinitions window, select the Suite CR file.
- On the Instances tab, select the instance that you want to update.
- On the YAML tab for the instance, in the spec.settings section, change the length of time for
  refreshTokenTimeout and accessTokenTimeout. For example, to revert to the default behavior that
  was set in version 8.9, update accessTokenTimeout from 30 minutes to 12 hours and update
  refreshTokenTimeout from 12 hours to 168 hours. By changing these values, when a
  user closes a browser without logging out, the AppPoints are returned within 12 hours. The access
  token is valid and can be refreshed for up to 7 days, which is 168 hours, before users must log in
  to their session.

  spec:
    settings:
      sso:
        refreshTokenTimeout: 168h
        accessTokenTimeout: 12h

Note: To avoid unexpected behavior, do not set the expiration time lower than the minimum values:
15 minutes for the access token and 12 hours for the refresh token.
- Save the CR changes.
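
Before you save, you can check the planned values against the minimums in the preceding note. The following script is an added example, not part of the IBM documentation or product. It assumes that durations use h, m, and s suffixes (only the h form appears on this page), and the function names are illustrative.

```python
import re
from datetime import timedelta

# Minimums stated in the note on this page.
FLOORS = {
    "accessTokenTimeout": timedelta(minutes=15),
    "refreshTokenTimeout": timedelta(hours=12),
}
_UNITS = {"h": "hours", "m": "minutes", "s": "seconds"}  # assumed suffixes
_PART = re.compile(r"(\d+)([hms])")


def parse_duration(text):
    """Parse values such as '168h', '30m' or '1h30m'."""
    text = text.strip().strip("'\"")
    parts = _PART.findall(text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unrecognised duration: {text!r}")
    return sum((timedelta(**{_UNITS[u]: int(n)}) for n, u in parts), timedelta())


def check_timeouts(cr_yaml):
    """Return a list of problems; an empty list means both values are acceptable."""
    problems = []
    for key, floor in FLOORS.items():
        # Line-based lookup keeps the example free of a YAML dependency.
        m = re.search(rf"^\s*{key}:\s*(\S+)", cr_yaml, re.MULTILINE)
        if not m:
            problems.append(f"{key} is not set")
        elif parse_duration(m.group(1)) < floor:
            problems.append(f"{key} {m.group(1)} is below the minimum {floor}")
    return problems


# Constructed samples: the 8.9 values from this page, and a too-short pair.
REVERT_TO_8_9 = """\
spec:
  settings:
    sso:
      refreshTokenTimeout: 168h
      accessTokenTimeout: 12h
"""
TOO_SHORT = REVERT_TO_8_9.replace("168h", "6h").replace("12h", "10m")

if __name__ == "__main__":
    for name, doc in (("revert", REVERT_TO_8_9), ("short", TOO_SHORT)):
        print(name, check_timeouts(doc) or "ok")
```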