Question

Where can we set the timeout for mWO authentication in IFS cloud?


Userlevel 2
Badge +7

Hi Experts, 

 

Once of our customer is asking where we can set the timeout for mWO authentication? 

 

Business Impact: Can we define the MWO session timeout.? Customer get the popup in MWO app 'Credential expired' after specific time and being asked to reauthenticate. They need know is the time user configurable?

 

If the timeout is not configurable the customer would like to know what is the default timeout set to.

 

Any input regarding this really appreciate. 

 

Best Regads,

Sanjana 


17 replies

Userlevel 5
Badge +9

Hi, 

Yes. Currently it’s not possible to configure the timeouts for IFS Cloud. It is set in Keycloak. 

We are trying to make it configurable from solution manager for 23R2 .  

/Subhashini 

I’m afraid, due to technical limitations we will not be able to deliver the possibility to change the session timeouts in 23R2.  From the investigation we did, changing the values for the timeouts from keycloak admin console will make the environment unstable. So please don’t change the default values set by IFS. 

Current default values for session timeouts- 

Session Idle timeout - 2 hours 

Max session timeout - 10 hours. 

 

When will this be released again? - Still we are discussing when to release this fix. 

/Subhashini 

Userlevel 5
Badge +9

Hi, 

Yes. Currently it’s not possible to configure the timeouts for IFS Cloud. It is set in Keycloak. 

We are trying to make it configurable from solution manager for 23R2 .  

/Subhashini 

Userlevel 6
Badge +14

Hi

In addition to what Johan said, IFS cloud use IFS Identity and Access Manager (IFS IAM) to handle user authentication. It’s common for mobile and web and any client accessing IFS cloud. Also by default session expiry time is not configurable and I think default is 30 min. 

Best to answer by A&A experts => Ping @Subhashini Sooriarachchi

Userlevel 5
Badge +9

Hi,    

 

NO! don’t do it for Aurena.  It should be only for what ever the IAM client used by MWO or for whole realm. We have never tested this for separate IAM Clients. 

From authentication side, we can only say, theoretically, it is possible to increase the timeout. But this needs to be validated from the relevant client side that they support it. 

Further there are dependencies between all these timeouts. you have to be very careful on those as well. 

 

@kathlk @JOOLSE I think you should test this and confirm from MWO side. 

 

If the customer decided to increase the timeouts for whole application we can help. 

 

/Subhashini 

 

 

 

 

Userlevel 5
Badge +9

Hi,

I’m afraid, this is an huge implementation, so definitely this will not go for a Service Update. 

This will be planned for a future Release soon. ( most probably for 24R2) 

 

/Subhashini 

Userlevel 5
Badge +10

@subslk 

Thanks, Subhashini.  Is there a workaround in the meantime?

Userlevel 2
Badge +3

HI, 

It is possible to set the timeout from keycloak. But it will not persist. With the next delivery it will reset to default. 

/Subhashini 

Hi Subhashini,
Could you please share some steps alter the keycloak timeout ?
Hope it be used as a post delivery workaround until 23R2 release. 

Best Regards,

Binu

Userlevel 5
Badge +10

Hi

I am not an expert in this area, but we will need more information about what Cloud or IFS version the customer is using. If they use SSO or DB Authentication. 

This is not set in the MWO client as such, but is rather a set up on the method you use for authentication. So please prove the other informationa and I am sure some of our expert an answer it. 

Regards

Johan

 

Userlevel 1
Badge +4

Hi @subslk ,

is it from keycloak>clients>IFS_aurena>Advanced Settings?

 


Best Regards,
HashanD

Userlevel 2
Badge +4

Hi @subslk

Can you please explain how to increase the IFS Timeout ?

We were told initially that IFS Timeout had no impact, and that the problem was due to Keycloack setting that IFS would take in consideration in 23R2.  

But we can try your solution.

 

Regards,

Userlevel 1
Badge +4

Hi @subslk ,

Thank you for the update.

 

Userlevel 5
Badge +9

I’m afraid, this is a risky change to do. So please wait till 23R2. 

/Subhashini 

Badge +1

 

Hi, 

Yes. Currently it’s not possible to configure the timeouts for IFS Cloud. It is set in Keycloak. 

We are trying to make it configurable from solution manager for 23R2 .  

/Subhashini 

Hi Subashini,

Is there any possible workaround   until a solution?

Is it possible to change the value set in Keycloak?

 

 

Thanks & Best Regards,

Janith

 

 

Userlevel 5
Badge +17

@subslk Hi Subhashini! Is there any update on this? Either a workaround or perhaps an upcoming solution?

Userlevel 5
Badge +9

Hi.

This is planned for 24R2. 

 

/Subhashini

Userlevel 5
Badge +10

@subslk 

Hi Subhashini,

 

What’s the latest on this?  Can we expect a solution in a 23R2 service update?

Userlevel 5
Badge +9

HI, 

It is possible to set the timeout from keycloak. But it will not persist. With the next delivery it will reset to default. 

/Subhashini 

Reply