IBM Support

MDM Publisher: In a Kubernetes deployment, reinitialization of the MDM Publisher pod does not prompt for a new login

Troubleshooting


Problem

When MDM Publisher is deployed in a Kubernetes cluster, there is an issue affecting reinitialization of the MDM Publisher pod. Any reinitialization of the MDM Publisher pod, including following a simple restart or a teardown, there is no prompt for the user to log in again.
This issue occurs because the MDM Publisher pod does not invalidate existing JWT tokens. As a result, clients with a valid JWT token will remain logged in.

Cause

The JWT session token that is saved in the browser does not get invalidated even if the IBM WebSphere Liberty Profile instance is destroyed and recreated. The WLP instance uses the same certificate after the restart or reinitialization that was used to issue the token. As a result, WLP continues to see the JWT token as valid, and it will honor the expiration date that is embedded in the token.

Resolving The Problem

To invalidate all sessions and force all users to log in again, create a new certificate to be used by the WebSphere Liberty Profile instance.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSWSR9","label":"IBM InfoSphere Master Data Management"},"Component":"IBM MDM Publisher","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
27 April 2022

UID

ibm10883646