Skip to main content

I changed the FME Server token MAX_EXPIRATION parameter to 20 years based on the steps outlined in this help page: https://knowledge.safe.com/articles/919/setting-the-maximum-expiration-for-fme-token-servi.html

However, the token that I set a month ago has now changed to a new token. I have two questions:

1. Is it valid to set the MAX_EXPIRATION parameter greater than two years as the above article suggests?

2. Is changing the token the desired behaviour by FME Server? I would expect that when a token expires it simply becomes invalid, and does not create a new token.

I am using FME Server 2016.1.3.1.

Thanks

So you set the value to 630720000 seconds?

Yes @sander_s, I set the MAX_EXPIRATION to 630720000.


Did you regenerate the token after you set the MAX_EXPIRATION parameters?

@SteveAtSafe, I created a new token for an account that had never had a token. I did it after I changed the MAX_EXPIRATION and restarted FME Server.


I don't have an installation of FME Server in front of me right now, but I'd start looking inside the FME Server internal postgresql database, I'm pretty sure the tokens are registered there. Maybe it's possible to see the duration there, and if so check if there's a limit to the duration data type, or if FME Server let's you define a token for that long.

Try using pgadmin and connect to localhost (you'll have to run pgadmin on the same machine as FME Server) on port 7082, username and password is "fmeserver".


Thanks @david_r, I'll try that. However, it doesn't answer my other question: does FME Server generate a new token when the current one expires? That's what appeared to happen to my co-worker. I would expect FME Server to just let the token expire.


@jimo

 

 

When you generated the token did you notice the expiry date. (at the bottom of the dialog)

 

 

See my example:

I used the same value as yours (20 years) in the properties file and then generated the token for 7300 days. It seems to have taken the correct expiry.

 

Steve

Thanks @david_r, I'll try that. However, it doesn't answer my other question: does FME Server generate a new token when the current one expires? That's what appeared to happen to my co-worker. I would expect FME Server to just let the token expire.

@jimo No. FME Server won't automatically generate a token by default when one expires. Are you certain there isn't another application generating a token? Do you have custom web pages interacting with FME Server REST API that might be generating a token after a login?

 


I don't have an installation of FME Server in front of me right now, but I'd start looking inside the FME Server internal postgresql database, I'm pretty sure the tokens are registered there. Maybe it's possible to see the duration there, and if so check if there's a limit to the duration data type, or if FME Server let's you define a token for that long.

Try using pgadmin and connect to localhost (you'll have to run pgadmin on the same machine as FME Server) on port 7082, username and password is "fmeserver".

This is possible and I've taken that route before to troubleshoot problems, or even manually change a token back to it's old value after it was errantly change, affecting dozens of web calls, but we'd prefer that a User not have to go this route.

 

To confirm I have verified that the token was set to the year 2037 in my test by looking in the database. The screen grab of the token page, shows a date at the bottom, and this will be the date stored in the database.

 

 


@SteveAtSafe, I created a new token for an account that had never had a token. I did it after I changed the MAX_EXPIRATION and restarted FME Server.

When you created the new token, did you happen to catch the Expiration value at the bottom of the dialog (see my screenshot).

@SteveAtSafe, I created a new token for an account that had never had a token. I did it after I changed the MAX_EXPIRATION and restarted FME Server.

Yes, it said 20 years.

 

 


@jimo

 

I would check out the TOKEN_REFRESH_INTERVAL parameter:

 

http://docs.safe.com/fme/2017.0/html/FME_Server_Documentation/Content/ReferenceManual/web_application_properties_token.htm

 

 

This has been clarified in the 2017 config files (link), although is not referenced in previous versions.

@jimo

 

I would check out the TOKEN_REFRESH_INTERVAL parameter:

 

http://docs.safe.com/fme/2017.0/html/FME_Server_Documentation/Content/ReferenceManual/web_application_properties_token.htm

 

 

This has been clarified in the 2017 config files (link), although is not referenced in previous versions.
I understand what happened now. The token resets if it has not been requested within the token refresh interval, default 30 days.

 

 

However, this doesn't work for web applications that use a hardcoded token in a JavaScript file in an HTML page that uses this token to access FME Server. If the HTML page doesn't get called for 30 days, the call to FME Server will fail. You would have to set the token refresh interval to something like 20 years.

 

 


Reply