7:07 p.m.
Il giorno gio 16 dic 2021 alle ore 23:08 Nathanaël Blanchet <
blanchet(a)abes.fr> ha scritto:
Hello there is not a lot informations about Oauth token except I
found
they expire after 30 minuts of inactivity. I'd like to change this value if
possible to a dedicate lifetime. Usually this kind of change is done with
engine-config but no such item is currently available. Is it possible?
engine-config is still there:
# rpm -qf /usr/bin/engine-config
ovirt-engine-tools-4.5.0-0.2.master.20211215083937.gitafa2fd24e6.el8.noarch
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com
<https://www.redhat.com/>
*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
11:53 a.m.
Le 17/12/2021 à 18:07, Sandro Bonazzola a écrit :
Il giorno gio 16 dic 2021 alle ore 23:08 Nathanaël Blanchet
<blanchet(a)abes.fr <mailto:blanchet@abes.fr>> ha scritto:
Hello there is not a lot informations about Oauth token except I
found they expire after 30 minuts of inactivity. I'd like to
change this value if possible to a dedicate lifetime. Usually this
kind of change is done with engine-config but no such item is
currently available. Is it possible?
engine-config is still there:
# rpm -qf /usr/bin/engine-config
ovirt-engine-tools-4.5.0-0.2.master.20211215083937.gitafa2fd24e6.el8.noarch
It is not about the engine-config command itsself but about the way to
configure the oauth2 token lifetime. I mean, we usually use the
engine-config for this kind of thing, but it seems there is currently no
way to do this with engine-config.
Where can I configure this?
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com <mailto:sbonazzo@redhat.com>
<https://www.redhat.com/>
*Red Hat respects your work life balance. Therefore there is no need
to answer this email out of your office hours.
*
*
*
--
Nathanaël Blanchet
Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14
blanchet(a)abes.fr
7:15 p.m.
Il giorno lun 20 dic 2021 alle ore 10:54 Nathanaël Blanchet <
blanchet(a)abes.fr> ha scritto:
Le 17/12/2021 à 18:07, Sandro Bonazzola a écrit :
Il giorno gio 16 dic 2021 alle ore 23:08 Nathanaël Blanchet <
blanchet(a)abes.fr> ha scritto:
> Hello there is not a lot informations about Oauth token except I found
> they expire after 30 minuts of inactivity. I'd like to change this value if
> possible to a dedicate lifetime. Usually this kind of change is done with
> engine-config but no such item is currently available. Is it possible?
>
>
engine-config is still there:
# rpm -qf /usr/bin/engine-config
ovirt-engine-tools-4.5.0-0.2.master.20211215083937.gitafa2fd24e6.el8.noarch
It is not about the engine-config command itsself but about the way to
configure the oauth2 token lifetime. I mean, we usually use the
engine-config for this kind of thing, but it seems there is currently no
way to do this with engine-config.
Where can I configure this?
+Artur Socha <asocha(a)redhat.com> +Martin Perina <mperina(a)redhat.com> ?
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com
<https://www.redhat.com/>
*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours. *
--
Nathanaël Blanchet
Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5
Tél. 33 (0)4 67 54 84 55
Fax 33 (0)4 67 54 84 14blanchet(a)abes.fr
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com
<https://www.redhat.com/>
*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
4:11 p.m.
Hi,
After some digging I learned that 30 minutes default refers to default user
session timeout and that is not the actual OAuth token timeout. However,
user session timeout defines when a user should be logged out in general.
User session length in minutes can be set by:
$ engine-config -s UserSessionTimeOutInterval=123
OAuth token timeout (in seconds) is set by default as:
SSO_TOKEN_TIMEOUT=360000
From what I see that timeout is used to cleanup inactive tokens (perhaps
that's the reason why it is set to such a big value)
If you want to experiment with it's length, you can define it somewhere
under /etc/ovirt-engine/engine.conf.d/99-your-custom.conf
Unfortunately I must admit it's a bit confusing (unless I am reading this
code wrong).
Artur
On Mon, Dec 20, 2021 at 6:16 PM Sandro Bonazzola <sbonazzo(a)redhat.com>
wrote:
Il giorno lun 20 dic 2021 alle ore 10:54 Nathanaël Blanchet <
blanchet(a)abes.fr> ha scritto:
>
> Le 17/12/2021 à 18:07, Sandro Bonazzola a écrit :
>
>
>
> Il giorno gio 16 dic 2021 alle ore 23:08 Nathanaël Blanchet <
> blanchet(a)abes.fr> ha scritto:
>
>> Hello there is not a lot informations about Oauth token except I found
>> they expire after 30 minuts of inactivity. I'd like to change this value if
>> possible to a dedicate lifetime. Usually this kind of change is done with
>> engine-config but no such item is currently available. Is it possible?
>>
>>
> engine-config is still there:
> # rpm -qf /usr/bin/engine-config
>
> ovirt-engine-tools-4.5.0-0.2.master.20211215083937.gitafa2fd24e6.el8.noarch
>
> It is not about the engine-config command itsself but about the way to
> configure the oauth2 token lifetime. I mean, we usually use the
> engine-config for this kind of thing, but it seems there is currently no
> way to do this with engine-config.
>
> Where can I configure this?
>
+Artur Socha <asocha(a)redhat.com> +Martin Perina <mperina(a)redhat.com> ?
>
>
> --
>
> Sandro Bonazzola
>
> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
>
> Red Hat EMEA <https://www.redhat.com/>
>
> sbonazzo(a)redhat.com
> <https://www.redhat.com/>
>
> *Red Hat respects your work life balance. Therefore there is no need to
> answer this email out of your office hours. *
>
>
> --
> Nathanaël Blanchet
>
> Supervision réseau
> SIRE
> 227 avenue Professeur-Jean-Louis-Viala
> 34193 MONTPELLIER CEDEX 5
> Tél. 33 (0)4 67 54 84 55
> Fax 33 (0)4 67 54 84 14blanchet(a)abes.fr
>
>
--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
Red Hat EMEA <https://www.redhat.com/>
sbonazzo(a)redhat.com
<https://www.redhat.com/>
*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
--
Artur Socha
Senior Software Engineer, RHV
Red Hat
1067
days inactive
1072
days old
4 comments
3 participants
participants (3)
-
Artur Socha -
Nathanaël Blanchet -
Sandro Bonazzola