Ask Your Question

Revision history [back]

Why does Openstack keystone kilo version doesn't allow expiration time greater than 30 days

I am using keystone Kilo version.

I set "expiration" parameter to 30 days in keystone.conf.

# Amount of time a token should remain valid (in seconds). (integer value)
expiration=2592000

Then I generated a token and used it in PUT/GET requested, they were successful without any problem.

Unfortunately, When I set "expiration" parameter to 31 days in keystone.conf and restart keystone. All the PUT/GET requests starts failing with 403 Forbidden. I got below error on keystone.

2017-12-17 10:10:47.821 8017 DEBUG keystone.common.controller [-] RBAC: Authorization granted inner 
/usr/lib/python2.7/dist-packages/keystone/common/controller.py:161
2017-12-17 10:10:47.824 8017 WARNING keystone.common.wsgi [-] Could not find token: 
0a9e34a2771543c0afdf2fae92e3ed3a

Is there any restriction on keystone to set expiration time to maximum of 30 days? If not, then how should I set expiration time more than 30 days.