BookmarkSubscribeRSS Feed
paterd2
Obsidian | Level 7

In 3.5 I had the option to configure session timeout.

In viya 2021 we want to increase the session timeout from 30 minutes to 4 hours.

How can I do this in version 2021+ ?

 

Regards,

 

Dik Pater

 

9 REPLIES 9
gwootton
SAS Super FREQ
Is this the option you are talking about?

Set Time-Out Interval for SAS Viya Web Applications
https://go.documentation.sas.com/doc/en/sasadmincdc/v_026/evfun/p19rd04uy9qnlkn10vwoajl66nxq.htm#n0d...
--
Greg Wootton | Principal Systems Technical Support Engineer
paterd2
Obsidian | Level 7

Mr. Gwooton.

Yes, but it is not working in our environment ( 2021.2 ).

We used 450m, now I put 30000s for studio analytics and for logon server I used 40000s.

The property is servlet.session.timeout

We have to restart some things.

I'll will reply if this succeeds.

gwootton
SAS Super FREQ
Making a change to a service configuration should trigger it to read in the new value automatically, so it shouldn't need a restart. Do you have any session timeout settings in your cloud provider configuration that could be impacting the session?
--
Greg Wootton | Principal Systems Technical Support Engineer
paterd2
Obsidian | Level 7

Mr G Wooton,

a late reply.

I used  http.session.maxAge 7h for all except logon 8h.

            servlet.session.timeout 7h for all except logon 8h.

The documentation says : 

If you change the global time-out interval, you must restart all services in order for the change to take effect for any new sign-ins. If you change the interval for specific services, you must restart the services that you changed. For the http.session.maxAge property, the services are automatically restarted after you save the change.

 

So in this case they all get restarted.

 

I will post the result here.

Dik

 

 

paterd2
Obsidian | Level 7

It is still  not working.

We will make a sas-ticket for support.

gwootton
SAS Super FREQ
Note that servlet.session.timeout expects a unit (i.e. 7h, 25200s, 420m) whereas http.session.maxAge is always represented in seconds without a unit (25200 would be 7 hours, 28800 for 8 hours)
--
Greg Wootton | Principal Systems Technical Support Engineer
paterd2
Obsidian | Level 7

Mr G Wooton

I found another config item , I will test this in combination with above.

I let you know the results.

 

Regards,

Dik Pater

 

SAS Help Center: How To

 

Configure the HTTP Session Time-out Interval

  1. In the Definitions list, select server.
  2. In the top right corner of the window, click New Configuration.
  3. In the New server Configuration dialog box, click 
     

     

    .
  4. In the Choose Services dialog box, complete the following:
    1. Search for and then select SAS Logon Manager.
    2. Click 
       

       

      .
    3. Click OK.
  5. In the New server Configuration dialog box, click 
     

     

     to add a new property.
  6. In the Add Property dialog box, complete the following:
    1. In the Name field, enter session.timeout.
    2. In the Value field, enter the amount of time a session has to be idle before it times out, in seconds.
    3. Click Save.
  7. In the New server Configuration dialog box, click Save.
  8. Restart all services to reflect the new time-out interval. For more information, see Operate a Specific Server or Service in SAS Viya: General Servers and Services.
paterd2
Obsidian | Level 7

Mr. Wooton,

The following combination worked for us.

Thanks .

 

For all except SASLogon, opendistro, opendistroDiscovery

 

For only SASLogon

 

paterd2
Obsidian | Level 7

We had to add the following. This changed to default 1 hour.

 

Authentication timeout:

Dit gaat door via Environment manager de volgende instellingen te wijzigen: Configuratie instellingen → SAS Logon Manager

  New Configuration → kies voor sas.logon.jwt

  vul in bij :

  policy.accessTokenValiditySeconds: 28800                     (8 uur)

  policy.global.accessTokenValiditySeconds: 28800       (8 uur)

 

Extract from : Tuning the authentication timeout for long-running jobs (sas.com)

With security being at the front and center of most SAS decisions, SAS is gradually reducing the default expiration for Access Tokens from the original value of 10 hours. Shorter-lived tokens reduce the window that a compromised token can be used by an attacker. To avoid possible disruption, this change is being implemented in steps. As of the stable release 2021.2.4 (February 2022), the Access Token default lifetime is decreased to 4 hours; in a later release, it will be further reduced to 1 hour.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 9 replies
  • 7553 views
  • 3 likes
  • 2 in conversation