Where can we set the timeout for mWO authentication in IFS cloud?
Hi Experts,
Once of our customer is asking where we can set the timeout for mWO authentication?
Business Impact: Can we define the MWO session timeout.? Customer get the popup in MWO app 'Credential expired' after specific time and being asked to reauthenticate. They need know is the time user configurable?
If the timeout is not configurable the customer would like to know what is the default timeout set to.
Any input regarding this really appreciate.
Best Regads,
Sanjana
Page 1 / 1
Hi
I am not an expert in this area, but we will need more information about what Cloud or IFS version the customer is using. If they use SSO or DB Authentication.
This is not set in the MWO client as such, but is rather a set up on the method you use for authentication. So please prove the other informationa and I am sure some of our expert an answer it.
Regards
Johan
Hi
In addition to what Johan said, IFS cloud use IFS Identity and Access Manager (IFS IAM) to handle user authentication. It’s common for mobile and web and any client accessing IFS cloud. Also by default session expiry time is not configurable and I think default is 30 min.
Best to answer by A&A experts => Ping @Subhashini Sooriarachchi
Hi,
Yes. Currently it’s not possible to configure the timeouts for IFS Cloud. It is set in Keycloak.
We are trying to make it configurable from solution manager for 23R2 .
/Subhashini
Hi,
Yes. Currently it’s not possible to configure the timeouts for IFS Cloud. It is set in Keycloak.
We are trying to make it configurable from solution manager for 23R2 .
/Subhashini
Hi Subashini,
Is there any possible workaround until a solution?
Is it possible to change the value set in Keycloak?
Thanks & Best Regards,
Janith
HI,
It is possible to set the timeout from keycloak. But it will not persist. With the next delivery it will reset to default.
/Subhashini
HI,
It is possible to set the timeout from keycloak. But it will not persist. With the next delivery it will reset to default.
/Subhashini
Hi Subhashini, Could you please share some steps alter the keycloak timeout ? Hope it be used as a post delivery workaround until 23R2 release.
Best Regards,
Binu
Hi @subslk ,
is it from keycloak>clients>IFS_aurena>Advanced Settings?
Best Regards, HashanD
Hi,
NO! don’t do it for Aurena. It should be only for what ever the IAM client used by MWO or for whole realm. We have never tested this for separate IAM Clients.
From authentication side, we can only say, theoretically, it is possible to increase the timeout. But this needs to be validated from the relevant client side that they support it.
Further there are dependencies between all these timeouts. you have to be very careful on those as well.
@kathlk@JOOLSE I think you should test this and confirm from MWO side.
If the customer decided to increase the timeouts for whole application we can help.
/Subhashini
Hi @subslk ,
Thank you for the update.
Hi @subslk,
Can you please explain how to increase the IFS Timeout ?
We were told initially that IFS Timeout had no impact, and that the problem was due to Keycloack setting that IFS would take in consideration in 23R2.
But we can try your solution.
Regards,
I’m afraid, this is a risky change to do. So please wait till 23R2.
/Subhashini
Hi,
Yes. Currently it’s not possible to configure the timeouts for IFS Cloud. It is set in Keycloak.
We are trying to make it configurable from solution manager for 23R2 .
/Subhashini
I’m afraid, due to technical limitations we will not be able to deliver the possibility to change the session timeouts in 23R2. From the investigation we did, changing the values for the timeouts from keycloak admin console will make the environment unstable. So please don’t change the default values set by IFS.
Current default values for session timeouts-
Session Idle timeout - 2 hours
Max session timeout - 10 hours.
When will this be released again? - Still we are discussing when to release this fix.
/Subhashini
@subslk
Hi Subhashini,
What’s the latest on this? Can we expect a solution in a 23R2 service update?
Hi,
I’m afraid, this is an huge implementation, so definitely this will not go for a Service Update.
This will be planned for a future Release soon. ( most probably for 24R2)
/Subhashini
@subslk
Thanks, Subhashini. Is there a workaround in the meantime?
@subslk Hi Subhashini! Is there any update on this? Either a workaround or perhaps an upcoming solution?
Hi.
This is planned for 24R2.
/Subhashini
Hi @subslk
Could you please confirm if this is for 24R2 GA or EA?
Additionally, could you let us know if there is an existing Jira ID for this issue?
/Janith
Hi @subslk
is this still planned for 24R2 and still no other work around for this until the update is released?