[Active Directory] Token expiration

Published on 13 Jan by Renato Pauleta
The user authenticates with Windows credentials, and then I check whether or not the user has a given role. The action AD_GroupCheckUserExists needs a token.

The token expires (which is a good thing security-wise), but I need to "update" the token manually every week or so.


Is there any option for using the user that is already authenticated to get his roles?

Is it possible to have a process that runs every week to generate a new token?



Hi Jorge,

By tokens, do you mean the tokens used in the AD configuration screens? Those tokens don't have an expiration; they represent a connection to the AD with optional credentials (depending on whether your connection requires an authenticated user to access the AD contents). If your tokens have a domain username and password and that password expires weekly, then it's a different matter and you do need to update the token information.

You don't need to use these screens. You can create your own way of updating the ADAccess table and create your own mechanisms to generate and control your tokens and accesses.

The authenticated user might not have access to search the AD, and you'd have to generate a new token when the user logs in with the user's credentials and then destroy the token when the user logs out or loses the session.

When you mention getting the user's roles, do you mean the groups the user is in? If yes, then I would use AD_UserGetGroups.

I hope I've helped a bit. 


Hi Renato,

Yes, you gave me some ideas on how to solve it.

Thanks for the help.