Reviewing the IBM WebSphere SystemOut.log file for diagnostic purposes shows multiple LTPA expiration messages when using IBM Rational Team Concert (RTC).
In the SystemOut.log file, the following message is seen multiple times:
LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: <date>, current Date: <date>
LTPA is a type of single sign-on (SSO) technology. A server that is configured to use LTPA authentication sends a session cookie (containing the LTPA token) to the browser after successfully authenticating a user. Since authentication occurs in the application server, and not in RTC, this entire process is completed through WebSphere.
A user with a valid LTPA cookie can access a server that is a member of the same authentication domain as the first server and is automatically authenticated. The cookie contains information about the authenticated user, the realm the user was authenticated to (such as an LDAP server), and a timestamp. Because of that timestamp the cookie eventually expires, and expired cookies cause the duplicate messages observed in the SystemOut.log file.
Resolving the problem
The expiration messages can be disregarded. If you choose, you can remove the LTPA tokens, which should eliminate the duplicate messages.
Approach #1 - Removing the LTPA Key
NOTE: Removing the LTPA Key will break single sign-on. If you have or require single sign-on, do not follow this approach.
- Stop WebSphere
- Move the LTPA key from the following directory: WAS_HOME/profiles/profileName/config/cells/cellName/nodes/nodeName/ltpa
NOTE: LTPA Tokens are named ltpa.jceks
- Delete the WebSphere Cache located in the following directories:
- Restart WebSphere
Approach #2 - Adjust LTPA Timeout
- In the WebSphere Application Server console navigation pane, click Security > Global Security.
- In the Authentication area of the Global security page, click the LTPA link.
- In the LTPA timeout area of the LTPA page, edit the value for the LTPA timeout (make it an arbitrarily large number) and click OK.
- In the Messages area at the top of the Global Security page, click Save.
- Log out of the WebSphere Application Server console.
The duplicate messages should now be removed from your SystemOut.log file.
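To confirm that the SECJ0371W warnings have stopped, or to see how stale the rejected tokens were before deciding to disregard them, the following added example (not part of the original technote) tallies them from SystemOut.log lines. The date layout inside the message (Java `Date.toString()` style) and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed date layout inside the message: Java Date.toString(),
# e.g. "Mon Nov 14 10:01:02 EST 2011". The zone token is skipped because
# both dates in one message come from the same server clock.
_DATE = r"\w{3} (\w{3} \d{1,2} \d\d:\d\d:\d\d) \S+ (\d{4})"
SECJ0371W = re.compile(
    r"SECJ0371W:.*?Token expiration Date: " + _DATE + r", current Date: " + _DATE
)


def _parse(month_day_time, year):
    return datetime.strptime(f"{month_day_time} {year}", "%b %d %H:%M:%S %Y")


def summarize(lines):
    """Tally SECJ0371W warnings: total, per hour, and how long tokens had been expired."""
    ages, per_hour = [], Counter()
    for line in lines:
        m = SECJ0371W.search(line)
        if not m:
            continue  # unrelated log line
        expired, seen = _parse(m[1], m[2]), _parse(m[3], m[4])
        ages.append(seen - expired)
        per_hour[seen.strftime("%Y-%m-%d %H:00")] += 1
    return {
        "count": len(ages),
        "per_hour": dict(per_hour),
        "min_age": min(ages, default=None),
        "max_age": max(ages, default=None),
    }


# Constructed sample lines, not taken from a real server.
_MSG = ("0000002a LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed "
        "because the token expired with the following info: "
        "Token expiration Date: {exp}, current Date: {now}")
SAMPLE = [
    _MSG.format(exp="Mon Nov 14 10:01:02 EST 2011", now="Mon Nov 14 12:01:02 EST 2011"),
    _MSG.format(exp="Mon Nov 14 10:01:02 EST 2011", now="Mon Nov 14 12:01:03 EST 2011"),
    "0000002c WebContainer  I   unrelated constructed line",
    _MSG.format(exp="Sun Nov 13 13:30:00 EST 2011", now="Mon Nov 14 13:30:00 EST 2011"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it against a real log, pass the open file object to `summarize()`; an empty `per_hour` for the period after the change means the warnings are gone.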
If you are still running into issues after following the above approaches, contact IBM WebSphere support.