Troubleshooting
Problem
Users can log into the administrative console of the WebSphere Application Server after session timeout and without re-entering credentials.
Symptom
When the console session expires, but the LTPA2 token hasn't, the console can log a user on without providing credentials since the credentials haven't expired yet.
Cause
When the logoutOnHTTPSessionExpire attribute is set to 'false', the user credentials will stay active until the Single Sign-On token timeout occurs.
Resolving The Problem
User can resolve the problem by setting a Global security custom property. See steps below.
1. In the admin console, navigate to Security > Global security
2. Click the 'Custom properties' link
3. In the 'Custom properties' collection page, click 'New'
4. In the 'Name' field, enter: com.ibm.ws.security.web.logoutOnHTTPSessionExpire
In the 'Value' field, enter: true
5. Click 'Apply', then save your changes
6. Resynchronize(only if an app server or node agent) and restart
the server
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21997304