IBM Support

Login success to admin console even after session timeout and not entering credentials

Troubleshooting


Problem

Users can log into the administrative console of the WebSphere Application Server after session timeout and without re-entering credentials.

Symptom

When the console session expires, but the LTPA2 token hasn't, the console can log a user on without providing credentials since the credentials haven't expired yet.

Cause

When the logoutOnHTTPSessionExpire attribute is set to 'false', the user credentials will stay active until the Single Sign-On token timeout occurs.

Resolving The Problem

User can resolve the problem by setting a Global security custom property. See steps below.

1. In the admin console, navigate to Security > Global security
2. Click the 'Custom properties' link
3. In the 'Custom properties' collection page, click 'New'
4. In the 'Name' field, enter: com.ibm.ws.security.web.logoutOnHTTPSessionExpire
In the 'Value' field, enter: true
5. Click 'Apply', then save your changes
6. Resynchronize(only if an app server or node agent) and restart
the server

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Administrative Console (all non-scripting)","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF014","label":"iOS"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"},{"code":"PF013","label":"Inspur K-UX"}],"Version":"9.0.0.1;9.0.0.0;8.5.5.9;8.5.5.8;8.5.5.7;8.5.5.6;8.5.5.5;8.5.5.4;8.5.5.3;8.5.5.2;8.5.5.10;8.5.5.1;8.5.5;8.0.0.9;8.0.0.8;8.0.0.7;8.0.0.6;8.0.0.5;8.0.0.4;8.0.0.3;8.0.0.2;8.0.0.12;8.0.0.11;8.0.0.10;8.0.0.1;8.0;7.0.0.9;7.0.0.7;7.0.0.5;7.0.0.41;7.0.0.39;7.0.0.37;7.0.0.35;7.0.0.33;7.0.0.31;7.0.0.3;7.0.0.29;7.0.0.27;7.0.0.25;7.0.0.23;7.0.0.21;7.0.0.19;7.0.0.17;7.0.0.15;7.0.0.13;7.0.0.11;7.0.0.1;7.0;9.0.0.2;8.5.5.11","Edition":"Base;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21997304

Page Feedback