12.8. Configuring Session Timeouts

When a user connects to Red Hat Certificate System using the web interface or the PKI console, the server creates a session for the user. This session will automatically expire if there is no activity after a certain amount of time.
This section describes how to configure the timeout when a session expires.

12.8.1. Configuring the Session Timeout Value of the Web Interface

To customize the session timeout value:
  1. Verify that the instance-specific /var/lib/pki/instance_name/webapps/subsystem/web.xml file exists. For example:
    # ls /var/lib/pki/instance_name/webapps/web.xml
    If the file is not found:
    1. Copy the web.xml file from the shared web application directory to the instance-specific directory:
      # cp -r /usr/share/pki/subsystem/webapps/subsystem/ \
    2. Set the permissions on the /var/lib/pki/instance_name/webapps/subsystem/ folder:
      # chown -R pkiuser:pkiuser /var/lib/pki/instance_name/webapps/subsystem/
  2. Set the session-timeout parameter in the /var/lib/pki/instance_name/webapps/subsystem/web.xml file to the timeout value in minutes. For example:
  3. In the /etc/pki/instance_name/Catalina/localhost/subsystem.xml, set the docBase in the <Context> tag to the path of the customized web application folder:
    <Context docBase="/var/lib/pki/instance_name/webapps/subsystem/" crossContext="true" allowLinking="true">

12.8.2. Configuring the Session Timeout Value of the PKI Console

To configure when sessions of the PKI Console expire:
  1. Set the keepAliveTimeout parameter in the Secure connector element in the /etc/pki/instance_name/server.xml file to a value in milliseconds. For example, to set it to 5 minutes:
            <Connector name="Secure"
  2. Restart the instance:
    systemctl restart pki-tomcatd@instance_name.service