LTPA Token Expired error in WebSphere Logs with Rational Team Concert

Technote (troubleshooting)


Attempts to review the IBM WebSphere Systemout.log file for diagnostical puposes results in multiple LTPA expiration messages when using IBM Rational Team Concert (RTC),


In the Systemout.log file, the following message will be seen multiple times:

LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: <date>, current Date: <date>


LTPA is a type of SSO (single sign on) technology. A server that is configured to use the LTPA authentication will send a session cookie (with LTPA included) to the browser after successfully authenticating a user. Since authentication occurs in the application server, and not RTC, this entire process is completed through WebSphere.

A user with a valid LTPA cookie can access a server that is a member of the same authentication domain as the first server and will be automatically authenticated. The cookies themselves contain information about the user that has been authenticated, the realm the user was authenticated to (such as an LDAP server) and a timestamp, and thus will expire causing the duplicate messages observed in the SystemOut.log file.

Resolving the problem

The expiration messages can be disregarded, but if you choose, you can remove the LTPA Tokens which should eliminate the duplicate messages.

Approach #1 - Removing the LTPA Key
NOTE: Removing the LTPA Key will break single sign-on. If you have or require single sign-on, do not follow this approach.

  1. Stop WebSphere

  2. Move the LTPA key from the following directory: WAS_HOME/profiles/profileName/config/cells/cellName/nodes/nodeName/ltpa
    NOTE: LTPA Tokens are named ltpa.jceks
  3. Delete the WebSphere Cache located in the following directories:

  4. Restart WebSphere

Approach #2 – Adjust LTPA Timeout
  1. In the WebSphere Application Server console navigation pane, click Security > Global Security.

  2. In the Authentication area of the Global security page, click the LTPA link.

  3. In the LTPA timeout area of the LTPA page, edit the value for the LTPA timeout (make it an arbitrarily large number) and click OK.

  4. In the Messages area at the top of the Global Security page, click Save.

  5. Log out of the WebSphere Application Server console.

The duplicate messages should now be removed from your SystemOut.log file.

If you are still running into issues after following the above approaches, contact IBM WebSphere support.

Leverage the Jazz Community

Jazz and Rational Team Concert have an active community that can provide you with additional resources. Browse and contribute to the User forums, contribute to the Team Blog and review the Team wiki.
Refer to technote 1319600 for details and links.

Related information


Rate this page:

(0 users)Average rating

Document information

More support for:

Rational Team Concert
Web App Server

Software version:

3.0, 3.0.1,,,, 4.0

Operating system(s):

Linux, Windows

Reference #:


Modified date:


Translate my page

Machine Translation

Content navigation