vRealize Automation 8.5+ - Increase Session Timeout

By default, a vRealize Automation 8.x session will timeout after 30 minutes of inactivity. For those looking to increase the session timeout value, this hasn't been possible before vRealize Automation 8.5. This all changes with the release of vRealize Automation 8.5, as documented in the release notes here.

To increase the session timeout from the default 30 minutes, a simple API call is all that is required. The below code can be run from either the appliance directly, or from your desktop PC using cURL. Another option would be to run the same API calls in Postman.

Note: From my testing, the embedded Orchestrator session timeout value is not updated. This may be intentional or a bug.

Create Refresh Token

Create the refresh token by running either of the code blocks below, depending on if you're using a local account or a domain user account.

Local Account - Generate the access token by running the commands below, after updating the url, username and password variables.

 1url='https://vra8.homelab.local'
 2username='configadmin'
 3password='VMware1!'
 4refresh_token=`curl -X POST \
 5  "$url/csp/gateway/am/api/login?access_token" \
 6  -H 'Content-Type: application/json' \
 7  -H 'Accept: application/json' \
 8  -d '{
 9  "username": "'$username'",
10  "password": "'$password'"
11}' | jq -r .refresh_token`

Domain User Account - Generate the access token by running the commands below, after updating the url, username, password and domain variables.

 1url='https://vra8.homelab.local'
 2username='su_flynga'
 3password='VMware1!'
 4domain='homelab.local'
 5refresh_token=`curl -X POST \
 6  "$url/csp/gateway/am/api/login?access_token" \
 7  -H 'Content-Type: application/json' \
 8  -H 'Accept: application/json' \
 9  -d '{
10  "username": "'$username'",
11  "password": "'$password'",
12  "domain": "'$domain'"
13}' | jq -r .refresh_token`

Create Access Token

Once you have generated the API token, this is stored in the variable $refresh_token and is used to create an access token. Run the below command to generate your access token.

1access_token=`curl -X POST \
2  "$url/iaas/api/login" \
3  -H 'Content-Type: application/json' \
4  -H 'Accept: application/json' \
5  -d '{
6  "refreshToken": "'$refresh_token'"
7}' | jq -r .token`

Update Session Timeout

Once you have generated the access token which is now stored in the variable $access_token, run the below command to update the Session Timeout value. Change the value below to reflect the correct value for your environment, in minutes. The below example is for 6 hours, or 360 minutes.

1curl -k -s -H "Content-Type: application/json" -H "Authorization: Bearer $access_token" \
2$url/iaas/api/configuration-properties?apiVersion=2021-07-15 -X PATCH \
3-d '{"key":"SESSION_TIMEOUT_DURATION_MINUTES", "value":"360"}'

The output from the above command will show the newly applied setting.

{"key":"SESSION\_TIMEOUT\_DURATION\_MINUTES","value":"360"}

Once this has run, any new user sessions created will have the updated timeout value. There is no need to restart the server or any services / pods.

Note: If you upgrade or patch vRealize Automation, the changes may be lost and need to be completed again.

comments powered by Disqus