12.8. Configuring Session Timeouts

When a user connects to Red Hat Certificate System using the web interface or the PKI console, the server creates a session for the user. This session will automatically expire if there is no activity after a certain amount of time.
This section describes how to configure the period of inactivity after which a session expires.

12.8.1. Configuring the Session Timeout Value of the Web Interface

To customize the session timeout value:
  1. Verify that the instance-specific /var/lib/pki/instance_name/webapps/subsystem/web.xml file exists. For example:
    # ls /var/lib/pki/instance_name/webapps/subsystem/web.xml
    If the file is not found:
    1. Copy the web.xml file from the shared web application directory to the instance-specific directory:
      # cp -r /usr/share/pki/subsystem/webapps/subsystem/ \
           /var/lib/pki/instance_name/webapps/
    2. Set the ownership of the /var/lib/pki/instance_name/webapps/subsystem/ folder:
      # chown -R pkiuser:pkiuser /var/lib/pki/instance_name/webapps/subsystem/
  2. Set the session-timeout parameter in the /var/lib/pki/instance_name/webapps/subsystem/web.xml file to the timeout value in minutes. For example:
    <web-app>
         ...
         <session-config>
              <session-timeout>30</session-timeout>
         </session-config>
         ...
    </web-app>
  3. In the /etc/pki/instance_name/Catalina/localhost/subsystem.xml file, set the docBase attribute in the <Context> tag to the path of the customized web application folder:
    <Context docBase="/var/lib/pki/instance_name/webapps/subsystem/" crossContext="true" allowLinking="true">
         ...
    </Context>
    

12.8.2. Configuring the Session Timeout Value of the PKI Console

To configure when sessions of the PKI Console expire:
  1. Set the keepAliveTimeout parameter in the Secure connector element in the /etc/pki/instance_name/server.xml file to a value in milliseconds. For example, to set it to 5 minutes:
    ...
    <Server>
        <Service>
            <Connector name="Secure"
                ...
                keepAliveTimeout="300000"
                ...
                />
        </Service>
    </Server>
    ...
  2. Restart the instance:
    # systemctl restart pki-tomcatd@instance_name.service
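
The following check is an added example, not part of the Certificate System documentation or tooling: it reads both settings described above and reports values that are missing, disable expiry, or exceed a limit. The function names and the 30-minute max_minutes limit are assumptions chosen for illustration, and the XML samples are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real instance).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <session-config><session-timeout>30</session-timeout></session-config>
</web-app>"""
SAMPLE_SERVER_XML = """<Server><Service>
  <Connector name="Unsecure" port="8080"/>
  <Connector name="Secure" port="8443" keepAliveTimeout="300000"/>
</Service></Server>"""

def web_session_timeout_minutes(web_xml_text):
    """Return <session-timeout> (minutes) from web.xml, or None if absent."""
    for el in ET.fromstring(web_xml_text).iter():
        # web.xml usually declares a namespace, so compare the local name only.
        if el.tag.rsplit("}", 1)[-1] == "session-timeout":
            return int((el.text or "").strip())
    return None

def console_keepalive_ms(server_xml_text, connector_name="Secure"):
    """Return keepAliveTimeout (ms) of the named Connector, or None if unset."""
    for el in ET.fromstring(server_xml_text).iter("Connector"):
        if el.get("name") == connector_name and el.get("keepAliveTimeout"):
            return int(el.get("keepAliveTimeout"))
    return None

def audit(web_xml_text, server_xml_text, max_minutes=30):
    """Return findings; max_minutes is an assumed site policy, not a product default."""
    findings = []
    web = web_session_timeout_minutes(web_xml_text)
    if web is None:
        findings.append("web.xml: session-timeout not set")
    elif web <= 0:
        # Servlet spec: a value of 0 or less means sessions never time out.
        findings.append("web.xml: sessions never expire")
    elif web > max_minutes:
        findings.append(f"web.xml: {web} min exceeds policy")
    ka = console_keepalive_ms(server_xml_text)
    if ka is None:
        findings.append("server.xml: keepAliveTimeout not set on Secure connector")
    elif ka < 0:
        # Tomcat documents -1 as no (infinite) keep-alive timeout.
        findings.append("server.xml: keep-alive never times out")
    elif ka > max_minutes * 60_000:
        findings.append(f"server.xml: {ka / 60_000:g} min exceeds policy")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_WEB_XML, SAMPLE_SERVER_XML) or "timeouts within policy")
```

To check a real instance, pass the contents of the instance's web.xml and server.xml files to audit() in place of the samples.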