Show TOC

 Configuring the Validity Period of Logon TicketsLocate this document in the navigation structure


To reduce the risk malicious users reusing logon tickets in replay attacks, reduce the validity period of the logon tickets. The default validity period is eight hours.

  • This procedure requires you to restart the SAP NetWeaver Application Server (AS) Java, so you should plan for the required downtime while the AS Java restarts.
  • You have configured the AS Java to support Single Sign-On (SSO) with logon tickets.
  1. Configure the required UME properties.

    For more information about editing UME properties, Editing UME Properties .

    Set the UME property ume.admin.login.ticket_lifetime . You can set hours and minutes.



  2. Restart the AS Java.