Configuring the LTPA token expiry interval
LTPA tokens can be used to avoid needing a user to provide username and password credentials on each request to WebSphere® Application Server Liberty. You can configure the expiry interval for LTPA authentication tokens.
Before you begin
You must be a privileged user to complete this procedure.
From IBM® MQ 9.0.4, you can view the
current configuration of the token expiry by using the dspmqweb properties
command with the -a
flag. For more information, see dspmqweb. You can reset the value
of the token expiry by using the setmqweb properties command with the
-k
and -d
flags. For more information, see setmqweb.
Before issuing either the setmqweb or dspmqweb commands on z/OS®, you must set the WLP_USER_DIR environment variable, so that the variable points to your mqweb server configuration.
export WLP_USER_DIR=WLP_user_directory
where
WLP_user_directory
is the name of the directory that is passed
to crtmqweb.sh
. For
example:export WLP_USER_DIR=/var/mqm/web/installation1
For more information, see Create the Liberty server definition.
About this task
/login
REST API resource with the HTTP POST method. The token is used to
authenticate the user without the user being required to log in again with their user ID and
password, until the token expires. The default expiry interval is 120 minutes. From IBM MQ 9.0.4, you can configure when
the tokens expire by using the setmqweb command. In IBM MQ 9.0.3, and earlier, you can configure when the tokens expire
by editing the mqwebuser.xml file.
Procedure
- From IBM MQ 9.0.4, use the setmqweb
properties command:
setmqweb properties -k ltpaExpiration -v time
where time specifies the time, in minutes, before the LTPA token expires and the user is logged out. The default value is 120 minutes.
- For IBM MQ 9.0.3 and earlier, edit the
mqwebuser.xml file:
- Open the mqwebuser.xml file.The mqwebuser.xml file can be found in one of the following directories:
- On UNIX, Linux®, and Windows:
MQ_DATA_DIRECTORY
/web/installations/installationName/servers/mqweb - On z/OS:
WLP_user_directory/servers/mqweb
where WLP_user_directory is the directory that was specified when the crtmqweb.sh script ran to create the mqweb server definition.
- On UNIX, Linux®, and Windows:
- Configure the LTPA token expiry interval by adding or editing the following line in the
mqwebuser.xml file, within the
<server>
tags:<variable name="ltpaExpiration" value="time" />
where time specifies the time, in minutes, before the LTPA token expires and the user is logged out. The default value is 120 minutes.
- Open the mqwebuser.xml file.