Sunday, March 6, 2011

SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: {0}

If you are seeing this exception in the logs of a WebSphere 7 server, it is mainly because the LTPA token has expired and therefore cannot be validated.


The cause of this error differs depending on the scenario:


1) If you are seeing it in a web application
LTPA (Lightweight Third Party Authentication) is a technology used in WebSphere to reuse a login across physical servers. It is simply a cookie that contains the user's authentication information. Every LTPA token has a defined lifetime, after which it expires. Once the token timeout is reached, the token is no longer validated and the user has to authenticate again. This is normal.


2) If the instance is configured with the RTT 6.1 Management Server (MS)
WAS generates the LTPA token when you log onto the MS console. When you leave the MS console open, this token expires after a while. Then, the WAS container issues this message when it re-authenticates your logon using the same userid and password you used to log onto the MS console.




3) In a clustered environment
WebSphere uses LTPA tokens to authenticate servers within the cluster and to communicate. By default, LTPA keys are regenerated on a schedule every 90 days, configurable to the day of the week. The "Authentication cache timeout" field specifies the time period during which the authenticated credential in the cache is valid. This time period must be less than the time period specified in the "Timeout value for forwarded credentials between servers" field.
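
To tell routine expiries (a console or browser left open) apart from tokens that show up long after they expired, the info text that replaces {0} can be parsed out of SystemOut.log. The following is an added example, not code from the original post or from IBM. The sample lines are constructed, the layout of the info text ("Token expiration Date: ..., current Date: ...") is an assumption, and the 24-hour threshold is an arbitrary illustration value.

```python
import re
from datetime import datetime, timedelta

# Constructed sample SystemOut.log lines (not from a real server). The layout
# of the text that fills in "{0}" is an assumption; adjust PATTERN if it differs.
SAMPLE_LOG = """\
[3/6/11 10:15:32:123 EST] 0000002a LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Sun Mar 06 10:05:00 EST 2011, current Date: Sun Mar 06 10:15:32 EST 2011.
[3/6/11 10:16:01:007 EST] 0000002b WebContainer  I   SRVE0242I: Servlet initialized.
[3/6/11 23:40:10:555 EST] 00000031 LTPAServerObj W   SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Fri Mar 04 09:00:00 EST 2011, current Date: Sun Mar 06 23:40:10 EST 2011.
"""

PATTERN = re.compile(
    r"SECJ0371W:.*?Token expiration Date: (?P<exp>.+?), "
    r"current Date: (?P<now>.+?)\.?\s*$"
)


def _parse(java_date):
    # java.util.Date.toString() style, e.g. "Sun Mar 06 10:05:00 EST 2011".
    # The zone token is dropped: both dates come from the same server clock,
    # so only their difference matters here.
    parts = java_date.split()
    return datetime.strptime(" ".join(parts[:4] + parts[5:]),
                             "%a %b %d %H:%M:%S %Y")


def expired_tokens(log_text):
    """Return (expiry, seen_at, lag) for every SECJ0371W line in log_text."""
    hits = []
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m:
            exp, now = _parse(m["exp"]), _parse(m["now"])
            hits.append((exp, now, now - exp))
    return hits


def stale(hits, threshold=timedelta(hours=24)):
    """Keep only tokens that were presented more than `threshold` after expiry."""
    return [h for h in hits if h[2] > threshold]


if __name__ == "__main__":
    for exp, now, lag in expired_tokens(SAMPLE_LOG):
        flag = "REVIEW" if lag > timedelta(hours=24) else "routine"
        print(f"{now}  token expired {lag} earlier  [{flag}]")
```

A token that expired minutes before it was presented matches the idle-session cases above; one that is days old is worth checking against clock skew between servers or a cookie being reused from an old session.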
