Open bobbydixon opened 8 months ago
Do you know whether they use API Mediation Layer to access the z/OS APIs?
Just wondering, do they observe that zosmf when used directly lasts longer than 8 hours?
I found this about configuring LTPA timeout, maybe that's what was already done judging by the logs. https://www.ibm.com/docs/en/was-liberty/base?topic=liberty-configuring-ltpa-in
@balhar-jakub - how do they check if they're using the API Mediation Layer to access the z/OS APIs?
@1000TurquoisePogs - the client logged onto the z/OSMF Desktop on two different LPARs, one where the parameter was changed and one where it was not. Some 8 hours later he got the logon prompt for the LPAR where the parameter was not changed - but not for the LPAR where the parameter was changed. So the setting seems to work for z/OSMF Desktop.
@bobbydixon - Within the browser, there will be cookie names - apimlAuthenticationToken
Describe the bug The LTPA token expires every 8-hours even though the client has specified that the token should be valid for 30-days on the server side.
We has one of our WebSphere colleagues mentioned the LTPAToken2 is stored as a cookie in the browser after login. He opened a developer console and said it looks like Zowe does not appear to be using an LTPA token at all. He suggested narrowing down which cookie is storing the authentication information. Then focus on how to trace that cookie. He said Liberty does have the following setting that can invalidate an LTPA token on a session timeout, but he confirm what he saw in the trace showed it's set to "false":
logoutOnHttpSessionExpire="true"
He said it is as if the product manages its own authentication.
The client is using Zowe Explorer in VS Code to look at datasets.
To try avoid the LTPA token expiring, they changed SESSION_EXPIRE(43200) in the zOSMF config on host. But it still expires after 8-hours.
They see the following message when it starts:
IZUG018W The property LTPA_EXPIRE is set to 43205 WARNING: The value specified for SESSION_EXPIRE must be less than LTPA_EXPIRE.
For IBMers, this relates to case TS014904922
Steps to Reproduce
I've reached out to the client for details
Expected behavior The client expects the LTPA token to on be renewed after 30-days
Screenshots If applicable, add screenshots to help explain your problem.
Logs If applicable, add server logs collected at the time of your problem.
Details
Web Browser Details (if the bug relates to Zowe Desktop usage):
REST API client (in case of REST API issue):
Shell Environment Details (if the bug relates to CLI):
Additional context Add any other context about the problem here.