LTPA token cushion period
Within the LTPA token expiration, there is a cushion period that is used to validate the tokens before a request is sent to the downstream application servers. This helps prevent the expiration of the tokens in a downstream server. The cushion period is twenty percent of the LTPA token expiration period, and has a maximum default time out value of ten minutes. However, this period should not be less than the ORB request time out value, which is three minutes.
There are three custom properties used to configure the timeout value for the cushion period.
- com.ibm.ws.security.cacheCushionMax: configures the maximum timeout
value for the cushion period.
- The default value is ten minutes.
- The time unit for this custom property is in minutes.
- com.ibm.ws.security.cacheCushionMin: configures the minimum expiration value for the cushion
period. Please note that the value for this custom property should not be less than the ORB request
time out value, which is three minutes.
- The default value for this is three minutes.
- The time unit for this custom property is in minutes.
- com.ibm.ws.security.authCacheCushionTime: configures the cushion
expiration time. If the cacheCushionMax property is also in use, then
in order to use this property, its value must be less than cacheCushionMax.
- The time unit for this custom property is in minutes.