[RTFACT-20689] The value set in the property "artifactory.access.token.non.admin.max.expires.in=300" not being picked up. Created: 22/Nov/19  Updated: 03/Dec/19

Status: Open
Project: Artifactory Binary Repository
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: High
Reporter: Swarnendu Kayal Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None


 Description   

A possible workaround is at the end of the description.

As per our Confluence page:

"Non-admin users, can only set the token validity period to a value that is equal or less than the maximum allowed value. This can be specified by setting the artifactory.access.token.non.admin.max.expires.in parameter in the $ARTIFACTORY_HOME/etc/artifactory.system.properties file (default: 3600)."

However, when we try to create an access token for a user, the default value of 3600 is set on the access token, even after we have set the property "artifactory.access.token.non.admin.max.expires.in=300" in the $ARTIFACTORY_HOME/etc/artifactory.system.properties file.

Steps to reproduce:

  1. Set the property "artifactory.access.token.non.admin.max.expires.in=300" in the $ARTIFACTORY_HOME/etc/artifactory.system.properties file.
  2. Create users as user1 or user2 in Artifactory.
  3. Create a group as testGroup in Artifactory.
  4. Run the command to create an access token for the user without "expires_in=300" in the command:
    $ curl -uadmin -XPOST "http://localhost:8081/artifactory/api/security/token" -d "username=user1" -d "scope=member-of-groups:testGroup" -d "refreshable=true"
    Enter host password for user 'admin':
{   "scope" : "member-of-groups:testGroup api:*",   "access_token" : "xxxxx",   *"expires_in" : 3600,*   "token_type" : "Bearer" }

In the above, it can be seen that the default value is set to 3600 seconds which is one hour.

  5. Only when we explicitly mention "expires_in=300" in the curl command is the access token created for 300 seconds.

$ curl -uadmin -XPOST "http://localhost:8081/artifactory/api/security/token" -d "username=test1" -d "scope=member-of-groups:testGroup" -d "refreshable=true" -d "expires_in=300"

Enter host password for user 'admin':

{   "scope" : "member-of-groups:testGroup api:*",   "access_token" : "xxxxx",   *"expires_in" : 300,*   "token_type" : "Bearer" }

This means the property set in the artifactory.system.properties file is not being picked up.

 

Possible workaround:

Check the config descriptor and search for the following parameter:

<userTokenMaxExpiresInMinutes>60</userTokenMaxExpiresInMinutes>

If it is found in the config descriptor please delete it. 

This should solve the issue. 
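
A check for the conflict described in this report, as an added example that is not part of the original ticket and is not JFrog code. It reads the system property (seconds) and the userTokenMaxExpiresInMinutes descriptor element (minutes) and flags the case where both are set and disagree. The function names, the sample inputs and the element's position in the sample descriptor are constructed for illustration, and only plain key=value property lines are handled.

```python
import xml.etree.ElementTree as ET

PROP = "artifactory.access.token.non.admin.max.expires.in"  # seconds, per the quoted docs
ELEM = "userTokenMaxExpiresInMinutes"                       # minutes, per the element name

def property_seconds(properties_text):
    """Return the value of PROP from a .properties body, or None if unset."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # skip blanks and comments
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == PROP:
            value = int(val.strip())         # a later assignment replaces an earlier one
    return value

def descriptor_seconds(descriptor_xml):
    """Return ELEM converted to seconds, or None if the element is absent."""
    root = ET.fromstring(descriptor_xml)
    for node in root.iter():
        # Compare local names so the check works whatever namespace is declared.
        if node.tag.rsplit("}", 1)[-1] == ELEM and node.text:
            return int(node.text.strip()) * 60
    return None

def check(properties_text, descriptor_xml):
    """Report both limits in seconds and whether they disagree."""
    prop = property_seconds(properties_text)
    desc = descriptor_seconds(descriptor_xml)
    conflict = prop is not None and desc is not None and prop != desc
    return {"property_s": prop, "descriptor_s": desc, "conflict": conflict}

# Constructed sample input reproducing the situation in this report.
SAMPLE_PROPERTIES = """\
# artifactory.system.properties (constructed sample)
artifactory.access.token.non.admin.max.expires.in=300
"""
SAMPLE_DESCRIPTOR = """\
<config xmlns="urn:example:constructed">
  <security>
    <userTokenMaxExpiresInMinutes>60</userTokenMaxExpiresInMinutes>
  </security>
</config>
"""

if __name__ == "__main__":
    print(check(SAMPLE_PROPERTIES, SAMPLE_DESCRIPTOR))
```

A conflict result means tokens requested without an explicit expires_in may live longer than the property intends, so confirm the effective lifetime from the expires_in field of a freshly issued token after applying the workaround.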


Generated at Sat Apr 04 12:01:09 UTC 2020 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.