SKFS Registration process involves two web service calls. Initially, the calling application must obtain a challenge using the preregister web service. Once the authenticator signs the challenge, the application needs to call the register web service to successfully complete the registration operation. This is also true for authentication where the calling application has to first get a challenge by calling the preauthenticate web service and then once the authenticator signs this challenge, the application calls the authenticate web service to complete the transaction.
SKFS holds this challenge in a temporary map, with a default value of 30 seconds. This means that any registration or authentication process must be completed within this timeframe. However, certain deployments may require a longer duration and this can be adjusted by modifying a specific configuration property below:
skfs.cfg.property.usersession.flush.cutofftime.seconds
Follow the steps below to change this property:
Switch to (or login as) the strongkey user
shell> su - strongkey
Edit the skfs properties file
shell> vi /usr/local/strongkey/skfs/etc/skfs-configuration.properties
Set skfs.cfg.property.usersession.flush.cutofftime.seconds to the desired value (in seconds).
skfs.cfg.property.usersession.flush.cutofftime.seconds=60
Restart the GlassFish server
shell> sudo systemctl restart payara # For SKFS version 4.12 and below, use the following command instead: shell> sudo service glassfishd restart
ADDITIONAL INFORMATION
There are numerous properties that can be customized with a comprehensive overview of SKFS properties here.