Maximo Application Suite
Customer-managed

Configuring user authentication sessions

To increase application security and ensure that AppPoints are promptly returned when users close their browsers or tabs without first logging out, you can configure user authentication session behavior. You do this by changing the expiration times for the access and refresh tokens in the custom resource (CR) file for Maximo® Application Suite.

About this task

In Maximo Application Suite 8.10, the default expiration time is changed to 30 minutes for the access token and 12 hours for the refresh token.

The expiration time change works only if your applications are running from the following versions:
  • Maximo Assist 8.6 and later
  • Maximo Health 8.5 and later
  • Maximo Manage 8.5 and later
  • Maximo Monitor 8.9 and later
  • Maximo Optimizer 8.3 and later
  • Maximo Visual Inspection 8.7 and later
  • IoT 8.6 and later
Note: You cannot change the expiration time in earlier versions of these applications.

In Maximo Application Suite 8.9, the default expiration time was 12 hours for the access token and 1 week for the refresh token. If you want to revert to these expiration time values, complete the following steps.

Procedure

  1. In the Red Hat® OpenShift® Container Platform console, in the Administration section, select Custom Resource Definitions.
  2. In the CustomResourcesDefinitions window, select the Suite CR file.
  3. On the Instances tab, select the instance that you want to update.
  4. On the YAML tab for the instance, in the spec.settings section, change the length of time for refreshTokenTimeout and accessTokenTimeout.
    For example, to revert to the default behavior that was set in version 8.9, update accessTokenTimeout from 30 minutes to 12 hours and update refreshTokenTimeout from 12 hours to 168 hours. With these values, when a user closes a browser without logging out, the AppPoints are returned within 12 hours. The access token is valid and can be refreshed for up to 7 days, which is 168 hours, before users must log in to their session.
    spec:
      settings:
        sso:
          refreshTokenTimeout: 168h
          accessTokenTimeout: 12h
    Note: To avoid unexpected behavior, the minimum expiration time that you can set is 15 minutes for the access token and 12 hours for the refresh token.
  5. Save the CR changes.
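
The following Python check is an added example, not part of the original procedure or of IBM's tooling. It validates a pair of timeout values against the minimums in the note above before you enter them on the YAML tab, and builds the matching spec.settings.sso fragment as a JSON merge-patch body. The function names, the acceptance of combined values such as 1h30m, and the refresh-versus-access comparison are assumptions of this example.

```python
import json
import re
from datetime import timedelta

# Minimums stated in the note in step 4 of this page.
MIN_ACCESS = timedelta(minutes=15)
MIN_REFRESH = timedelta(hours=12)

# Assumption: values use h/m/s suffixes, as in the page's "168h" and "12h".
_UNITS = {"h": "hours", "m": "minutes", "s": "seconds"}
_PART = re.compile(r"(\d+)([hms])")


def parse_duration(text):
    """Parse values such as '30m', '12h' or '1h30m' into a timedelta."""
    if not text or not re.fullmatch(r"(?:\d+[hms])+", text):
        raise ValueError(f"unrecognised duration: {text!r}")
    total = timedelta()
    for amount, unit in _PART.findall(text):
        total += timedelta(**{_UNITS[unit]: int(amount)})
    return total


def check_sso_timeouts(access, refresh):
    """Return a list of problems; an empty list means the pair is acceptable."""
    problems = []
    a, r = parse_duration(access), parse_duration(refresh)
    if a < MIN_ACCESS:
        problems.append(f"accessTokenTimeout {access} is below the 15 minute minimum")
    if r < MIN_REFRESH:
        problems.append(f"refreshTokenTimeout {refresh} is below the 12 hour minimum")
    # Added sanity check (not stated on the page): a refresh token that
    # expires before the access token can never be used to refresh it.
    if r < a:
        problems.append("refreshTokenTimeout is shorter than accessTokenTimeout")
    return problems


def build_patch(access, refresh):
    """Build a merge-patch body for spec.settings.sso, refusing invalid values."""
    problems = check_sso_timeouts(access, refresh)
    if problems:
        raise ValueError("; ".join(problems))
    sso = {"accessTokenTimeout": access, "refreshTokenTimeout": refresh}
    return json.dumps({"spec": {"settings": {"sso": sso}}})


if __name__ == "__main__":
    print(build_patch("12h", "168h"))      # the 8.9 values from the example above
    print(check_sso_timeouts("5m", "6h"))  # constructed values below both minimums
```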