Set authentication timeout

You can change the lifetime of REST API authentication sessions and security tokens. By default, the session lifetime is 10 minutes and the token lifetime is 30 minutes.

Note

Out of the box, only Adaxes service administrators have the rights to configure REST API. Other users can be granted such rights using a security role with the Write all properties permission assigned over Configuration objects.

Change settings

Session lifetime

To change the authentication session lifetime, execute the following script and restart IIS on the computer where REST API component is installed.

In the script:

  • $serviceHost – the host name of the computer where the Adaxes service is installed.
  • $lifetimeMin – the authentication session lifetime in minutes.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$serviceHost = "localhost" 
$lifetimeMin = 5 

# Connect to the Adaxes service.
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly($serviceHost)

# Prompt for credentials.
$credential = Get-Credential

# Bind to the REST API configuration container.
$containerPath = $admService.Backend.GetConfigurationContainerPath("ClientAppsContainer")
$container = $admService.OpenObject($containerPath, $credential.UserName,`
    $credential.GetNetworkCredential().Password, 0)
$restApi = $container.RestApi

# Set session lifetime.
$parameters = $restApi.AdvancedParameters
$sessionLifeTime = $parameters.GetParameter("Security.SignInSessionLifeTime")
$sessionLifeTime.Value = $lifetimeMin
$parameters.SetParameter($sessionLifeTime)

# Save changes.
$restApi.AdvancedParameters = $parameters
$restApi.SetInfo()

Note

After executing the script, restart IIS on the computer where REST API component is installed.

Token lifetime

To change the security token lifetime, execute the following script and restart IIS on the computer where REST API component is installed.

In the script:

  • $serviceHost – the host name of the computer where the Adaxes service is installed.
  • $lifetimeMin – the security token lifetime in minutes.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$serviceHost = "localhost" 
$lifetimeMin = 60 

# Connect to the Adaxes service.
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly($serviceHost)

# Prompt for credentials.
$credential = Get-Credential

# Bind to the REST API configuration container.
$containerPath = $admService.Backend.GetConfigurationContainerPath("ClientAppsContainer")
$container = $admService.OpenObject($containerPath, $credential.UserName,`
    $credential.GetNetworkCredential().Password, 0)
$restApi = $container.RestApi

# Set token lifetime.
$parameters = $restApi.AdvancedParameters
$tokenLifeTime = $parameters.GetParameter("Security.AuthTicketLifeTime")
$tokenLifeTime.Value = $lifetimeMin
$parameters.SetParameter($tokenLifeTime)

# Save changes.
$restApi.AdvancedParameters = $parameters
$restApi.SetInfo()

Note

After executing the script, restart IIS on the computer where REST API component is installed.

View current settings

Execute the following script. In the script:

  • $serviceHost – the host name of the computer where the Adaxes service is installed.
[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$serviceHost = "localhost" 

# Connect to the Adaxes service.
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly($serviceHost)

# Prompt for credentials.
$credential = Get-Credential

# Bind to the REST API configuration container.
$containerPath = $admService.Backend.GetConfigurationContainerPath("ClientAppsContainer")
$container = $admService.OpenObject($containerPath, $credential.UserName,`
    $credential.GetNetworkCredential().Password, 0)
$restApi = $container.RestApi

# Session lifetime
$parameters = $restApi.AdvancedParameters
$sessionLifeTime = $parameters.GetParameter("Security.SignInSessionLifeTime")
if (-not $sessionLifeTime.Value)
{
    $sessionLifeTime.Value = 10 # default
}
Write-Host "Session lifetime: $($sessionLifeTime.Value) min"

# Token lifetime
$tokenLifeTime = $parameters.GetParameter("Security.AuthTicketLifeTime")
if (-not $tokenLifeTime.Value)
{
    $tokenLifeTime.Value = 30 # default
}
Write-Host "Security token lifetime: $($tokenLifeTime.Value) min"