  1. Artifactory Binary Repository
  2. RTFACT-20689

The value set in the property "artifactory.access.token.non.admin.max.expires.in=300" not being picked up.

    Details

    • Type: Bug
    • Status: Open
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels: None

      Description

      A possible workaround is at the end of the description.

      As per our Confluence page:

      "Non-admin users, can only set the token validity period to a value that is equal or less than the maximum allowed value. This can be specified by setting the artifactory.access.token.non.admin.max.expires.in parameter in the $ARTIFACTORY_HOME/etc/artifactory.system.properties file (default: 3600)."

      However, when we create an access token for a user, the token still gets the default value of 3600, even after we have set the property "artifactory.access.token.non.admin.max.expires.in=300" in the $ARTIFACTORY_HOME/etc/artifactory.system.properties file.

      Steps to reproduce:

      1. Set the property "artifactory.access.token.non.admin.max.expires.in=300" in the $ARTIFACTORY_HOME/etc/artifactory.system.properties file.
      2. Create users as user1 or user2 in Artifactory.
      3. Create a group as testGroup in Artifactory.
      4. Run the command to create an access token for the user without "expires_in=300" in the command:

        $ curl -uadmin -XPOST "http://localhost:8081/artifactory/api/security/token" -d "username=user1" -d "scope=member-of-groups:testGroup" -d "refreshable=true"
        Enter host password for user 'admin':
        { "scope" : "member-of-groups:testGroup api:*", "access_token" : "xxxxx", "expires_in" : 3600, "token_type" : "Bearer" }

      In the above, it can be seen that the default value is set to 3600 seconds, which is one hour.

      5. Only when we explicitly mention "expires_in=300" in the curl command is the access token created for 300 seconds:

        $ curl -uadmin -XPOST "http://localhost:8081/artifactory/api/security/token" -d "username=test1" -d "scope=member-of-groups:testGroup" -d "refreshable=true" -d "expires_in=300"
        Enter host password for user 'admin':
        { "scope" : "member-of-groups:testGroup api:*", "access_token" : "xxxxx", "expires_in" : 300, "token_type" : "Bearer" }

      This means the property set in the artifactory.system.properties file is not being picked up.

      Possible workaround:

      Check the config descriptor and search for the following parameter:

      <userTokenMaxExpiresInMinutes>60</userTokenMaxExpiresInMinutes>

      If it is found in the config descriptor, please delete it.

      This should solve the issue.
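
An added example, not part of the original report or of Artifactory itself: a small audit that compares the cap in artifactory.system.properties with the `userTokenMaxExpiresInMinutes` element in the config descriptor and with the `expires_in` of an issued token. The function names, the `<config><security>` wrapper and the sample inputs are constructed for illustration; treating a descriptor value that differs from the property as a finding is an assumption based on the workaround above.

```python
import json
import xml.etree.ElementTree as ET

PROP = "artifactory.access.token.non.admin.max.expires.in"  # seconds, from the report
ELEM = "userTokenMaxExpiresInMinutes"                       # minutes, from the workaround

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def descriptor_minutes(xml_text):
    """Return the descriptor's userTokenMaxExpiresInMinutes value, or None."""
    for node in ET.fromstring(xml_text).iter():
        if node.tag.rsplit("}", 1)[-1] == ELEM:  # ignore any XML namespace
            return int(node.text.strip())
    return None

def audit(props_text, descriptor_xml, token_response):
    """Compare the configured cap with the descriptor and an issued token."""
    findings = []
    cap = parse_properties(props_text).get(PROP)
    if cap is None:
        return [f"{PROP} is not set"]
    cap = int(cap)
    minutes = descriptor_minutes(descriptor_xml)
    if minutes is not None and minutes * 60 != cap:
        findings.append(f"descriptor has {ELEM}={minutes} ({minutes * 60}s), property says {cap}s")
    issued = json.loads(token_response)["expires_in"]
    if issued > cap:
        findings.append(f"token issued for {issued}s exceeds configured cap of {cap}s")
    return findings

# Constructed sample inputs mirroring the values shown in the report.
SAMPLE_PROPS = "# constructed sample\nartifactory.access.token.non.admin.max.expires.in=300\n"
SAMPLE_DESCRIPTOR = "<config><security><userTokenMaxExpiresInMinutes>60</userTokenMaxExpiresInMinutes></security></config>"
SAMPLE_TOKEN = '{"scope": "member-of-groups:testGroup api:*", "access_token": "xxxxx", "expires_in": 3600, "token_type": "Bearer"}'

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPS, SAMPLE_DESCRIPTOR, SAMPLE_TOKEN):
        print("FINDING:", finding)
```

Running the audit again after applying the workaround, with a freshly issued token, shows whether the shorter cap is now in effect.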

            People

            Assignee:
            Unassigned
            Reporter:
            swarnenduk Swarnendu Kayal