Within the LTPA token expiration, there is a cushion period
that is used to validate the tokens before a request is sent to the
downstream application servers. This helps prevent the expiration
of the tokens in a downstream server. The cushion period is twenty
percent of the LTPA token expiration period, and has a maximum default
time out value of ten minutes. However, this period should not be
lower than the ORB request time out value, which is three minutes.
There are three custom properties used to configure the timeout
value for the cushion period.
- com.ibm.ws.security.cacheCushionMax: configures the maximum timeout
value for the cushion period.
- The default value is ten minutes.
- The time unit for this custom property is in minutes.
- com.ibm.ws.security.cacheCushionMin: configures the minimum expiration
value for the cushion period. Please note that the value for this
custom property should not be below the ORB request time out value,
which is three minutes.
- The default value for this is three minutes.
- The time unit for this custom property is in minutes.
- com.ibm.ws.security.authCacheCushionTime: configures the cushion
expiration time. If the cacheCushionMax property is also in use, then
in order to use this property, its value must be less than cacheCushionMax.
- The time unit for this custom property is in minutes.