How to set the Oak login token session expiration

Description

How do I set the login-token cookie expiration for AEM? This token affects the timeout for the session for default AEM authentication (token authentication) and SAML-based authentication.

Environment

AEM 6.*

Resolution

For more documentation on the token configuration, see the api docs.

  1. Go to http://aem-host:port/system/console/configMgr/org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl and log in as admin
  2. Edit the value of the token configuration:
    1. Token Expiration=Set this to desired timeout value in milliseconds (for example 3600000 would be 1 hour)
    2. Token Length=8
    3. Hash Iterations=1000
    4. Hash Salt Size=8

Note: The default token expiration timefor AEM is 43200000 ms (12 hours).
3. Once you edit the TokenConfiguration from the OSGI console, the file /apps/system/config/org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl.config is created in the JCR repository.
4. Go to http://aem-host:port/crx/de/index.jsp
5. Browse to and open this file /apps/system/config/org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl.config
6. If the field passwordHashAlgorithm exists in the file, then remove that line and save.  For example, now your file might look like this:

passwordHashIterations=I"1000"

tokenExpiration="3600000"

tokenLength="8"

passwordSaltSize=I"8"

On this page

Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Maker Awards Banner

Time to shine!

Apply now for the 2021 Adobe Experience Maker Awards.

Apply now
Adobe Maker Awards Banner

Time to shine!

Apply now for the 2021 Adobe Experience Maker Awards.

Apply now