LTPA Timeout in WebSphere Application Server (Authentication Timeout) ~ DevOps Insight

Nov 13, 2009

LTPA Timeout in WebSphere Application Server (Authentication Timeout)

Posted by eichelgartenweg on 11:33 AM with 1 comment

Web techniques like AJAX are designed for “long user sessions” especially in an business context.

In WebSphere an user session is limited by two timeouts:

JSession (Plain Java Session ID)
Lightweight Third-Party Authentication (LTPA) - IBMs proprietary authentication mechanism

If you need to increase the Session-Timeout to large values (like 8 h) you may observe some side effects of the LTPA security technology.

A LTPA-based authentication session has a fixed timeout. This timeout is globally defined in
Security > Secure administration, applications, and infrastructure >Authentication mechanisms and expiration
Every time an user logs in a LTPA-Token with a specific time-based validity is extended or reused.

If a LTPA timeout is reused ore renewed can be influenced by setting a cacheMaxTimeout-Value as a JVM-Property. If the remaining LTPA-Validiy-Period is lower than the cacheCushionMax-Value, a new LTPA-Token (with new validity) is created. If the LTPA-Validity is higher than the cacheCushionMax-Value the “old” LTPA-Session (with “old” LTPA-Timeout) will be reused.
User activities do not automatically extend the validity! The LTPA-Timeout is a static timeout!

The picture below shows the workflow:

For more information see this link:
http://www-01.ibm.com/support/docview.wss?fdoc=aimwps&rs=2307&uid=swg21320747

Categories: cacheCushionMax, JSESSION, LTPA, Timeout, WebSphere

1 comment:

AnonymousJuly 4, 2011 at 8:21 PM
Very informative blog, thanks for sharing...
ReplyDelete

Add comment

DevOps Insight

Thoughts and Tutorials about Continuous Integration, Application Integration, SOA, IT Architecture, WebSphere and Liferay

Nov 13, 2009

LTPA Timeout in WebSphere Application Server (Authentication Timeout)

1 comment:

Search

Blog Archive