LTPA Token Expired error in WebSphere Logs with Rational Team Concert

Technote (troubleshooting)


Problem (Abstract)

Reviewing the IBM WebSphere SystemOut.log file for diagnostic purposes shows multiple LTPA expiration messages when using IBM Rational Team Concert (RTC).

Symptom

In the SystemOut.log file, the following message appears multiple times:

LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: <date>, current Date: <date>
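
To see how many of these warnings a log contains and how long after expiry each token was presented, the messages can be summarized with a short script. This is an added example, not part of the original technote; it assumes `<date>` is printed in Java's `Date.toString()` form with English month names, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Assumption: <date> is printed in Java's Date.toString() form, e.g.
# "Tue Feb 25 09:00:00 EST 2014", with both dates in the same time zone.
# The zone token is ignored, so a pair straddling a DST change is off by 1h.
DATE = r"\w{3} (\w{3}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) \S+ (\d{4})"
SECJ0371W = re.compile(
    r"SECJ0371W:.*?Token expiration Date: " + DATE + r", current Date: " + DATE)
MONTHS = {name: n for n, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}


def _to_datetime(mon, day, hh, mm, ss, year):
    return datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))


def expired_token_ages(lines):
    """For each SECJ0371W line, seconds between token expiry and its use."""
    ages = []
    for line in lines:
        match = SECJ0371W.search(line)
        if match:
            fields = match.groups()
            expired = _to_datetime(*fields[:6])
            presented = _to_datetime(*fields[6:])
            ages.append(int((presented - expired).total_seconds()))
    return ages


def summarize(lines):
    """Count the warnings and report the smallest and largest token age."""
    ages = expired_token_ages(lines)
    if not ages:
        return {"count": 0}
    return {"count": len(ages), "min_s": min(ages), "max_s": max(ages)}


# Constructed sample lines, not taken from a real SystemOut.log.
_MSG = ("LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because "
        "the token expired with the following info: Token expiration Date: ")
SAMPLE = [
    _MSG + "Tue Feb 25 09:00:00 EST 2014, current Date: Tue Feb 25 09:05:00 EST 2014",
    _MSG + "Tue Feb 25 07:30:00 EST 2014, current Date: Tue Feb 25 09:30:00 EST 2014",
    "SystemOut     O unrelated application output",
    _MSG + "Mon Feb 24 09:00:00 EST 2014, current Date: Tue Feb 25 10:00:00 EST 2014",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it against a real log, pass the open file object for SystemOut.log to `summarize` in place of `SAMPLE`.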


Cause

LTPA is a type of SSO (single sign-on) technology. A server that is configured to use LTPA authentication sends a session cookie (with the LTPA token included) to the browser after successfully authenticating a user. Since authentication occurs in the application server, and not in RTC, this entire process is completed through WebSphere.

A user with a valid LTPA cookie can access a server that is a member of the same authentication domain as the first server and will be automatically authenticated. The cookies themselves contain information about the user that has been authenticated, the realm the user was authenticated to (such as an LDAP server), and a timestamp. Because of the timestamp, the cookies eventually expire, which causes the duplicate messages observed in the SystemOut.log file.


Resolving the problem

The expiration messages can be disregarded, but if you choose, you can remove the LTPA Tokens, which should eliminate the duplicate messages.


Approach #1 - Removing the LTPA Key

  1. Stop WebSphere

  2. Move the LTPA key from the following directory: WAS_HOME/profiles/profileName/config/cells/cellName/nodes/nodeName/ltpa
    NOTE: LTPA Tokens are named ltpa.jceks

  3. Delete the WebSphere Cache located in the following directories:
    profile_root/wstemp
    profile_root/temp

  4. Restart WebSphere



Approach #2 - Adjust LTPA Timeout

  1. In the WebSphere Application Server console navigation pane, click Security > Global Security.

  2. In the Authentication area of the Global security page, click the LTPA link.

  3. In the LTPA timeout area of the LTPA page, edit the value for the LTPA timeout (make it an arbitrarily large number) and click OK.

  4. In the Messages area at the top of the Global Security page, click Save.

  5. Log out of the WebSphere Application Server console.



The duplicate messages should now be removed from your SystemOut.log file.

Leverage the Jazz Community

Jazz and Rational Team Concert have an active community that can provide you with additional resources. Browse and contribute to the User forums, contribute to the Team Blog and review the Team wiki.
Refer to technote 1319600 for details and links.

Related information

LTPA

Document information


More support for:

Rational Team Concert
Web App Server

Software version:

3.0, 3.0.1, 3.0.1.1, 3.0.1.2, 3.0.1.3, 4.0

Operating system(s):

Linux, Windows

Reference #:

1590961

Modified date:

2014-02-28
