Skip to main content

We’re currently in the process of upgrading from Apps 10 UPD 24 to Cloud 24R2 (self-hosted).

We use Entra ID for authentication, and with the default IAM token settings for the IFS_Aurena_Native, mobile users were being made to sign in again after 3 minutes. It seems to use the ‘access token lifespan’ setting in the ‘IAM client details\Edit sessions and tokens’ screen. 

Setting this to the max (60 minutes) means that users have to log in every hour. But even then this seems far too frequent. Especially since it is 60 minutes since the last login, not 60 minutes of inactivity. From what I can tell, the user could be on site, 100 questions into a maintenance survey and the popup will appear. 

Our upgrade partner seems to think that this is expected behaviour and cannot be changed, but to me this doesn’t seem right. This is far more frequent than Apps 10. 

Has anyone else run into these issues? Are there any settings outside of the IAM client details page that configures this behaviour?

 

 

 

Hi Galvanize96,

The access token isn’t the login session time. When you authenticate you receive an access token. At this stage if your computer was compromised this token could be extracted out of your browser and used into another browser on another device and it would recognise you as already logged in.

This is a very common attack method today vs in the past. Commonly abused via phishing emails to compromise logins. Extending this time give a longer window for that token to be valid.

However when a user is using IFS the token should automatically refresh via the open webpage. This will happen until you hit the session idle limit. Then finally the session limit is the maximum duration a session can keep going until you need to re-authenticate.

This is just my speculation but I assume the mobile device is not keeping the webpage active and refreshing the token (for battery life?). Maybe somebody else has some experience with this and can provide some advice. Either that or use the MWO native apps which I believe has cache / offline capabilities (again I am not so familiar here).

Reply


Terms & ConditionsCookie settings