Question

"Reauthentication failed. The Application will shutdown" error.

  • 16 December 2020
  • 4 replies
  • 666 views
R
Rank
Userlevel 2
Badge +6

We are new on Apps10 update 7 as of Nov. 30th.  I have received complaints from the shop floor production areas and QA that people are receiving this error in various screens and they are immediately kicked out.  We have noticed this in creating an MRB case from a shop order and then others have said simply using the shop floor workbench.  I noticed another post stating it might be tied to the IFS Time Clock, which we do use also. 

Our DBA thought it was related to our security checkpoint setups but none of the screens where this occurred have security checkpoint enabled.  Has anyone else experienced this? 

Could this be related to our idle timeout value?  I’m wondering what it’s trying to re-authenticate.

This topic has been closed for comments

4 replies

GPIE
Rank
Userlevel 5
Badge +11

This happens with our IFS10UPD4 installation only when we restart the middleware whilst people are still logged in. When the users try to use IFS again, they get that message and have to restart IFS.

Sorry it isn’t a more useful contribution.

Yasas Kasthuriarachchi
Rank
Userlevel 7
Badge +30

Hi @reimccabe,
I am not sure if the following information may be valuable on your issue but felt it may help someone with the same error Reauthentication failed. The application will shut down with SSO/ADFS.

Following is the ‘re-authentication’ behavior in EE client.

When the user logs in and work in IFS Enterprise Explorer client the client session is refreshed based on the session timeout (Default 10 minutes). When the current session times out, the “Access Token” given by the ADFS server is used to refresh the client session. The Access Token has a lifetime of about 1 hour by default. Once the Access Token  expires, the “Refresh Token” given by the ADFS server is used to obtain a new Access Token. This Refresh Token has a lifetime of maximum 7 days according to ADFS documentation. 
Once the Refresh Token expires it will not be possible to get any new Access Tokens. Therefore, re-authentication will fail, and the user will be prompted for credentials.

You can also refer the following link extracted from the ADFS documentation:
https://docs.microsoft.com/sv-se/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settings;

“If the device is not registered but a user selects the “keep me signed in” option, the expiration time of the refresh token will equal the persistent SSO cookies lifetime for "keep me signed in" which is 1 day by default with maximum of 7 day. Otherwise, refresh token lifetime equals session SSO cookie lifetime which is 8 hours by default”
 

There have been reports of this issue and recommendations was to change following ADFS properties as below.
KmsiEnabled=true
SSOLifeTime=1440

So the possible solution is to delay the "timeout" of the refresh token, by increasing the SSO timeout in the ADFS settings and prevent the end user to be logged out, due to technical limitations in the client. But you can tune these parameters according to the usage of your environment by referring the logged information regarding the usage.


Hope this information may help.

Best Regards,
Yasas

R
Rank
Userlevel 2
Badge +6

Thank you, Yasas!  Our DBA was looking for where to set this because it’s not in the expected location.  I’ll send him these notes and hopefully we can avoid this in future.

R
Rank
Userlevel 2
Badge +6

Oh wait-we’re not SSO.  We have the standard login.

Terms & ConditionsCookie settings