000022665 - How long does the Key Server maintain expired session keys?

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000022665

Applies To:
RSA ClearTrust 4.7
iPlanet Directory Server
Microsoft Windows NT 4.0
Microsoft Windows 2000
Sun Solaris

Issue: How long does the Key Server maintain expired session keys?

Resolution: After new session keys have been created, expired keys are kept for a configurable amount of time, and are used solely for decrypting issued cookies. The following sets of configuration parameters are located in the configuration files keyserver.conf and webagent.conf, respectively, and provide more details.

keyserver.conf:

cleartrust.keyserver.token_lifetime
Description: This sets the allowable idle time for a given single sign-on token or cookie. This setting determines how long the Key Server will store keys no longer used for encryption but still valid for decryption.
Allowed Values: Any positive integer followed by a space and then a time identifier. The recognized time identifiers are hour, mins, and secs.
Default Value: 15 mins
Dependencies: This must match the idle timeout configuration in the ClearTrust Agents (as set in the cleartrust.agent.idle_timeout parameter in webagent.conf).
Example: cleartrust.keyserver.token_lifetime=15 Mins

webagent.conf:

cleartrust.agent.idle_timeout
Description: This parameter specifies how long the user can be idle before ClearTrust requires reauthentication. If a user does not access the system for a length of time greater than the specified timeout, the system will require reauthentication the next time the user requests a protected resource.
Allowed Values: Any positive integer followed by a space and then a time identifier. The recognized time identifiers are hour, mins, and secs.
Default Value: 15 mins
Dependencies: The value set here must be less than or equal to the value set in the keyserver.conf parameter cleartrust.keyserver.token_lifetime.
Example: cleartrust.agent.idle_timeout=15 mins
Legacy Article ID: a11548
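
The following Python script is an added example, not RSA's code: it checks the dependency described above, that cleartrust.agent.idle_timeout does not exceed cleartrust.keyserver.token_lifetime, and falls back to the documented 15 mins default when a parameter is unset. It assumes both files use key=value lines with # comments and that time identifiers are matched case-insensitively; the function names and sample file contents are hypothetical.

```python
import re

UNITS = {"hour": 3600, "mins": 60, "secs": 1}  # identifiers the article lists, in seconds
DEFAULT = "15 mins"  # default value documented for both parameters
KS_KEY = "cleartrust.keyserver.token_lifetime"
AGENT_KEY = "cleartrust.agent.idle_timeout"


def parse_duration(value):
    """Convert '<positive integer> <identifier>' to seconds, else raise ValueError."""
    m = re.fullmatch(r"(\d+) (\w+)", value.strip())
    # Assumption: identifiers are case-insensitive ('15 Mins' appears in the article).
    if not m or int(m.group(1)) <= 0 or m.group(2).lower() not in UNITS:
        raise ValueError(f"not a valid duration: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2).lower()]


def read_param(conf_text, key):
    """Return the last value assigned to key, or the documented default if unset."""
    value = DEFAULT
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("#") or "=" not in line:
            continue  # assumption: '#' comments and key=value lines
        name, _, val = line.partition("=")
        if name.strip() == key:
            value = val.strip()
    return value


def check_timeouts(keyserver_conf, webagent_conf):
    """Return a list of findings; an empty list means the dependency holds."""
    try:
        lifetime = parse_duration(read_param(keyserver_conf, KS_KEY))
        idle = parse_duration(read_param(webagent_conf, AGENT_KEY))
    except ValueError as exc:
        return [str(exc)]
    if idle > lifetime:
        return [f"{AGENT_KEY} ({idle}s) exceeds {KS_KEY} ({lifetime}s)"]
    return []


# Constructed sample files, not taken from a real deployment.
KEYSERVER = "# keyserver.conf\ncleartrust.keyserver.token_lifetime=15 Mins\n"
WEBAGENT_OK = "cleartrust.agent.idle_timeout=900 secs\n"
WEBAGENT_BAD = "cleartrust.agent.idle_timeout=1 hour\n"

if __name__ == "__main__":
    for label, agent in (("ok", WEBAGENT_OK), ("bad", WEBAGENT_BAD)):
        print(label, check_timeouts(KEYSERVER, agent) or "consistent")
```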