Le 17/12/2021 à 18:07, Sandro Bonazzola a écrit :

Il giorno gio 16 dic 2021 alle ore 23:08 Nathanaël Blanchet <blanchet@abes.fr <mailto:blanchet@abes.fr>> ha scritto:

Hello there is not a lot informations about Oauth token except I found they expire after 30 minuts of inactivity. I'd like to change this value if possible to a dedicate lifetime. Usually this kind of change is done with engine-config but no such item is currently available. Is it possible?

engine-config is still there: # rpm -qf /usr/bin/engine-config ovirt-engine-tools-4.5.0-0.2.master.20211215083937.gitafa2fd24e6.el8.noarch

It is not about the engine-config command itsself but about the way to configure the oauth2 token lifetime. I mean, we usually use the engine-config for this kind of thing, but it seems there is currently no way to do this with engine-config. Where can I configure this?

--

Sandro Bonazzola

MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV

Red Hat EMEA <https://www.redhat.com/>

sbonazzo@redhat.com <mailto:sbonazzo@redhat.com>

<https://www.redhat.com/>

*Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours. * *

*

-- Nathanaël Blanchet Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14 blanchet@abes.fr

Hi, After some digging I learned that 30 minutes default refers to default user session timeout and that is not the actual OAuth token timeout. However, user session timeout defines when a user should be logged out in general. User session length in minutes can be set by: $ engine-config -s UserSessionTimeOutInterval=123 OAuth token timeout (in seconds) is set by default as: SSO_TOKEN_TIMEOUT=360000 From what I see that timeout is used to cleanup inactive tokens (perhaps that's the reason why it is set to such a big value) If you want to experiment with it's length, you can define it somewhere under /etc/ovirt-engine/engine.conf.d/99-your-custom.conf Unfortunately I must admit it's a bit confusing (unless I am reading this code wrong). Artur On Mon, Dec 20, 2021 at 6:16 PM Sandro Bonazzola <sbonazzo@redhat.com> wrote:

Il giorno lun 20 dic 2021 alle ore 10:54 Nathanaël Blanchet < blanchet@abes.fr> ha scritto:

...

Le 17/12/2021 à 18:07, Sandro Bonazzola a écrit :

Il giorno gio 16 dic 2021 alle ore 23:08 Nathanaël Blanchet < blanchet@abes.fr> ha scritto:

...

Hello there is not a lot informations about Oauth token except I found they expire after 30 minuts of inactivity. I'd like to change this value if possible to a dedicate lifetime. Usually this kind of change is done with engine-config but no such item is currently available. Is it possible?

engine-config is still there: # rpm -qf /usr/bin/engine-config

ovirt-engine-tools-4.5.0-0.2.master.20211215083937.gitafa2fd24e6.el8.noarch

It is not about the engine-config command itsself but about the way to configure the oauth2 token lifetime. I mean, we usually use the engine-config for this kind of thing, but it seems there is currently no way to do this with engine-config.

Where can I configure this?

+Artur Socha <asocha@redhat.com> +Martin Perina <mperina@redhat.com> ?

...

--

Sandro Bonazzola

MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV

Red Hat EMEA <https://www.redhat.com/>

sbonazzo@redhat.com <https://www.redhat.com/>

*Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours. *

-- Nathanaël Blanchet

Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax 33 (0)4 67 54 84 14blanchet@abes.fr

--

Sandro Bonazzola

MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV

Red Hat EMEA <https://www.redhat.com/>

sbonazzo@redhat.com <https://www.redhat.com/>

*Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours.*

-- Artur Socha Senior Software Engineer, RHV Red Hat