Solved

Does FME Server Token Reset?

J
Badge +1

I changed the FME Server token MAX_EXPIRATION parameter to 20 years based on the steps outlined in this help page: https://knowledge.safe.com/articles/919/setting-the-maximum-expiration-for-fme-token-servi.html

However, the token that I set a month ago has now changed to a new token. I have two questions:

1. Is it valid to set the MAX_EXPIRATION parameter greater than two years as the above article suggests?

2. Is changing the token the desired behaviour by FME Server? I would expect that when a token expires it simply becomes invalid, and does not create a new token.

I am using FME Server 2016.1.3.1.

Thanks

icon

Best answer by jlutherthomas 5 July 2017, 19:10

View original

13 replies

geosander
Badge
So you set the value to 630720000 seconds?
J
Badge +1

Yes @sander_s, I set the MAX_EXPIRATION to 630720000.

steveatsafe
Rank
Badge +11
Did you regenerate the token after you set the MAX_EXPIRATION parameters?
SteveatSafe
J
Badge +1

@SteveAtSafe, I created a new token for an account that had never had a token. I did it after I changed the MAX_EXPIRATION and restarted FME Server.

david_r
Rank
Userlevel 4

I don't have an installation of FME Server in front of me right now, but I'd start looking inside the FME Server internal postgresql database, I'm pretty sure the tokens are registered there. Maybe it's possible to see the duration there, and if so check if there's a limit to the duration data type, or if FME Server let's you define a token for that long.

Try using pgadmin and connect to localhost (you'll have to run pgadmin on the same machine as FME Server) on port 7082, username and password is "fmeserver".

J
Badge +1

Thanks @david_r, I'll try that. However, it doesn't answer my other question: does FME Server generate a new token when the current one expires? That's what appeared to happen to my co-worker. I would expect FME Server to just let the token expire.

steveatsafe
Rank
Badge +11
@jimo

 

 

When you generated the token did you notice the expiry date. (at the bottom of the dialog)

 

 

See my example:

I used the same value as yours (20 years) in the properties file and then generated the token for 7300 days. It seems to have taken the correct expiry.

 

Steve
SteveatSafe
steveatsafe
Rank
Badge +11

Thanks @david_r, I'll try that. However, it doesn't answer my other question: does FME Server generate a new token when the current one expires? That's what appeared to happen to my co-worker. I would expect FME Server to just let the token expire.

@jimo No. FME Server won't automatically generate a token by default when one expires. Are you certain there isn't another application generating a token? Do you have custom web pages interacting with FME Server REST API that might be generating a token after a login?

 

SteveatSafe
steveatsafe
Rank
Badge +11

I don't have an installation of FME Server in front of me right now, but I'd start looking inside the FME Server internal postgresql database, I'm pretty sure the tokens are registered there. Maybe it's possible to see the duration there, and if so check if there's a limit to the duration data type, or if FME Server let's you define a token for that long.

Try using pgadmin and connect to localhost (you'll have to run pgadmin on the same machine as FME Server) on port 7082, username and password is "fmeserver".

This is possible and I've taken that route before to troubleshoot problems, or even manually change a token back to it's old value after it was errantly change, affecting dozens of web calls, but we'd prefer that a User not have to go this route.

 

To confirm I have verified that the token was set to the year 2037 in my test by looking in the database. The screen grab of the token page, shows a date at the bottom, and this will be the date stored in the database.

 

 

SteveatSafe
steveatsafe
Rank
Badge +11

@SteveAtSafe, I created a new token for an account that had never had a token. I did it after I changed the MAX_EXPIRATION and restarted FME Server.

When you created the new token, did you happen to catch the Expiration value at the bottom of the dialog (see my screenshot).
SteveatSafe
J
Badge +1

@SteveAtSafe, I created a new token for an account that had never had a token. I did it after I changed the MAX_EXPIRATION and restarted FME Server.

Yes, it said 20 years.

 

 

J
Badge +2

@jimo

 

I would check out the TOKEN_REFRESH_INTERVAL parameter:

 

http://docs.safe.com/fme/2017.0/html/FME_Server_Documentation/Content/ReferenceManual/web_application_properties_token.htm

 

 

This has been clarified in the 2017 config files (link), although is not referenced in previous versions.
J
Badge +1

@jimo

 

I would check out the TOKEN_REFRESH_INTERVAL parameter:

 

http://docs.safe.com/fme/2017.0/html/FME_Server_Documentation/Content/ReferenceManual/web_application_properties_token.htm

 

 

This has been clarified in the 2017 config files (link), although is not referenced in previous versions.
I understand what happened now. The token resets if it has not been requested within the token refresh interval, default 30 days.

 

 

However, this doesn't work for web applications that use a hardcoded token in a JavaScript file in an HTML page that uses this token to access FME Server. If the HTML page doesn't get called for 30 days, the call to FME Server will fail. You would have to set the token refresh interval to something like 20 years.

 

 

Reply


Community Stats

28,669
Posts
109,364
Replies
36,531
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.