UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Lieutenant Commander Lieutenant Commander
Lieutenant Commander
3801 views

How can I increase maximum lifespan of CloudController tokens?

It appears to be limited to 90 days by default.

Thanks!

Tags (1)
0 Likes
2 Replies
Vice Admiral
Vice Admiral

The max days to live for each token type is capped on the server; there's a file at <ssc exploded war folder>/WEB-INF/internal/serviceContext.xml which stores the configuration related to this.

For the cloudCtrlToken, the default maxDaysToLive is 90 days, so to change it, open the file mentioned above and search for "cloudCtrlToken", you should see a section like this:

<bean id="cloudCtrlToken" class="com.fortify.manager.security.ws.AuthenticationTokenSpec">

        <property name="key" value="CloudCtrlToken" />

        <property name="maxDaysToLive" value="90" />

        <property name="actionPermitted">

         ...

Change the maxDaysToLive value there, save the changes and restart the app server where SSC is running. Then you'll be able to generate a new token with fortifyclient with a days to live value matching the new maximum you've set. Existing tokens won't be modified.

If the SSC webapp is ever redeployed from the .war the change will be overwitten in the deployed version, so you should either watch out for that or also update that file inside the ssc.war using a zip tool.

I should point out that these defaults were chosen in order to discourage long lived tokens; you should follow your organization's policies on password / token validity duration and not have a token which is valid forever.

-Josh

Fortify L3 support engineer

0 Likes
Lieutenant Commander Lieutenant Commander
Lieutenant Commander

Thanks very much Josh for your help.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.