Once I have generated an OTCSTICKET via the REST call to "/api/v1/auth", is there a default time until it expires or can the valid lifetime be configured ?
Hi Cameron -
Since as of CS 16.x OTDS is used for authentication: even if you don't authenticate to OTDS directly the OTDS configuration may impact session expiry (though I've not experimented exhaustively with this - in my lab the first thing I do is set everything to never expire as a matter of convenience ;-) ).
OTCSTicket returned by /api/auth returns a ticket, which uses the Cookie configuration on ?func=admin.securityvars. Including the expiration time.
Thanks all.I was thinking it was related to otds.as.sso.ttl as I am not using a browser to interact with REST but I guess I was wrong.
Hi David/Ferdinand.....I might be asking a daft question here.....but why the need for two authentication mechanisms...why aren't all auth requests done via OTDS?
I'll admit I haven't given it much thought.....but other than perhaps authenticating admin users direct against CS, why wouldn't guidance be to use OTDS to get the ticket/token?
Both tickets exist from historical reasons. CS REST API was introduced with CS 10. There was no mandatory OTDS integration that time.
If you authenticate with OTDSTicket, make a lot of calls and look for every millisecond to save, grab the OTCSTicket from the response headers of the first call and use it for the following communication. Validation of OTCSTicket needs no server round-trip to OTDS. Each CS REST call returns a fresh OTCSTicket, so that you can continue without ticket expiration, as long as you communicate constantly. If you make a couple of calls only, do not bother and use the ticket, which you can get the easiest.
