Correct SessionCredentialLifetime is in seconds. We can verify the lifetime of the acquired credential as well and the AuthServer is providing the detail as expected.
From the Console when you login ensure you select "Save credential from this session" in the "Options" area. Then you'll be able to view details in the "Credentials" tab.
From the commandline you can run "blcred cred -list" to list details of the currently stored credential also.
I verified the "Save credential from this session" is checked. I deleted the cached credentials, then reconnected and verified my session in the "Credentials" tab. The expiration date was 10 minutes in the future....
The buggy part though is, when I tried issuing the blcred command from the application server it returned the following error output:
2014-04-23 08:35:49,584 WARN [main] (BlLogger.java:152) - Cannot parse the session credential cache.
The session credential cache is empty
Looks like something may have been corrupted during the upgrade? We are using Active Directory domain authentication, does this have an impact on if/how those sessions are stored on the server?
On the appserver, had you run blcred to get creds ? if you didn’t there’s not going to be a cached credential..
What is the ‘maximumsessioncredentiallifetime’ set to in blasadmin ?
Bill - yep that was it. I missed that option, I saw "SessionCredentialLifetime", but not "MaximumSessionCredentialLifetime". It was at 10 (surprise!) and I set it to 480. When I reconnected and checked the session expiration it was indeed set correctly.
So that's good to know it was just a config setting, but can you clarify exactly what the difference between those two options are? The wording on the help text from blasadmin isn't clear to me:
MaximumSessionCredentialLifetime - Maximum validity period of single sign-on session credentials. Once this timeout is reached a session credential can no longer be refreshed.
SessionCredentialLifetime - Validity period of single sign-on session credentials. Default value is 600.
Essentially I want an 8-hour expiration on the client sessions. I had previously set "SessionCredentialLifetime" to 28800, but should that remain the default value of 600 and I just adjust "MaximumSessionCredentialLifetime" or do they both need to be set together, etc?