Why does Openstack keystone kilo version doesn't allow expiration time greater than 30 days

asked 2017-12-17 00:56:16 -0500

I am using keystone Kilo version.

I set "expiration" parameter to 30 days in keystone.conf.

# Amount of time a token should remain valid (in seconds). (integer value)

Then I generated a token and used it in PUT/GET requested, they were successful without any problem.

Unfortunately, When I set "expiration" parameter to 31 days in keystone.conf and restart keystone. All the PUT/GET requests starts failing with 403 Forbidden. I got below error on keystone.

2017-12-17 10:10:47.821 8017 DEBUG keystone.common.controller [-] RBAC: Authorization granted inner 
2017-12-17 10:10:47.824 8017 WARNING keystone.common.wsgi [-] Could not find token: 

Is there any restriction on keystone to set expiration time to maximum of 30 days? If not, then how should I set expiration time more than 30 days.

edit retag flag offensive close merge delete