1488 shaares
94 private links
94 private links
2 results
tagged
rte
It turns out that the clou of the solution was in this little piece: security.oauth20.token.limit.error. The users were running into a limit.
The OAuth token limit is set in the <DMGR profile path>/config/cells/<yourCell>/oauth20/connectionsProvider.xml file:
<!-- optional limit for the number of tokens a user/client/provider combination can be issued -->
<parameter name="oauth20.token.userClientTokenLimit" type="ws" customizable="true">
<value>250</value>
</parameter>
The default value is ‘250’. The recommended value is ‘500’. You can see if your users were indeed running into this limit by running the following SQL query (query based on MS SQL server, but pretty similar in DB2 or Oracle):
Extending OAuth Cache count to 500
Sort all tokens by username and count:
SELECT authCache.USERNAME, person.DISPLAYNAME, COUNT(*) AS tokens
FROM HOMEPAGE.OH2P_CACHE AS authCache
INNER JOIN HOMEPAGE.LOGINNAME AS loginName ON (loginName.LOGINNAME = authCache.USERNAME)
INNER JOIN HOMEPAGE.PERSON AS person on(person.PERSON_ID = loginName.PERSON_ID)
GROUP BY authCache.USERNAME, person.DISPLAYNAME
ORDER BY COUNT(*) DESC
Show token count for single user
SELECT count(*) FROM HOMEPAGE.OH2P_CACHE WHERE clientid = 'conn-rte' AND USERNAME = 'username'
Delete tokens for single user:
DELETE FROM HOMEPAGE.OH2P_CACHE WHERE clientid = 'conn-rte' AND USERNAME = 'username'
Solution:
Edit /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/<cellname>/oauth20/connectionsProvider.xml
and set
<!-- optional limit for the number of tokens a user/client/provider combination can be issued -->
<parameter name="oauth20.token.userClientTokenLimit" type="ws" customizable="true">
<value>250</value>
</parameter>
this value to 500!
news-config.xml
:
<!-- Each month a scheduled task runs to cleanup the oauth 2P Cache table in Homepage. -->
<task description="Job to clean up the OAuth 2P Cache" enabled="true" interval="0 0 6 ? * SUN" mbeanMethodName="" name="OAuth2PCacheCleanup" scope= "cluster" serverName="unsupported" startby="" targetName="ScheduledTaskService" type="internal">
</task>