April 2, 2020
Estimated Post Reading Time ~ < 1 Min

How to set timeout for login-token

AEM is REST-based, does not have the concept of the session which makes every request atomic. For accessing protected resources at the time of successful login, the Token authentication handler would issue a login-token cookie and subsequent authentication is based on a login-token cookie. With this for all request credentials are not requested till the expiry of cookie. Steps to configure the timeout for login-token is

AEM 5.6.1 or below follow https://forums.adobe.com/thread/1035785
AEM 6+ configure token expiration at http://<host>:<port>/system/console/configMgr/org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl
Also, make sure to set Token Length otherwise will throw an exception "org.eclipse.jetty.servlet.ServletHandler / java.lang.IllegalArgumentException: Invalid token ''"

Token

More details on AEM6+ refer http://jackrabbit.apache.org/oak/docs/security/authentication/tokenmanagement.html
aem4beginner.blogspot


By aem4beginner
Posted by at icon18_email
Labels: ,

No comments:

Post a Comment

If you have any doubts or questions, please let us know.

Ad Blocker Detected :(

Please consider supporting us by disabling your ad blocker.

Please Disable your adblocker and Refresh the page to view the site content.