1. Security Administration Guide
  2. How a Node Validates an Authenticate Token

How a Node Validates an Authenticate Token

The node validates an authenticate token by checking whether:

  • The token signature has been changed.

  • The token is expired.

  • The token is generated by a trusted node.

This diagram is an example of token validation in a multiple node setup:

Token validation in a multiple node setup

According to this configuration, the following tokens are validated by a node:

  • Node A validates tokens generated by node B and node C if received less than 30 minutes from generation.

  • Node B validates tokens generated by node A if received less than 60 minutes from generation.

  • Node C validates tokens generated by node B if received less than 90 minutes from generation.

The following tokens are not validated by a node:

  • Node B cannot accept a token generated by node C, even though node C trusts node B.

  • A node will not accept a token if the time between its generation and reception by the node is greater than the token lifetime set for that node. For example, node A cannot accept a token from node B if the token was generated more than 30 minutes prior to being received by node A.

    Note: No node will accept a token if its signature has been changed. The system verifies this by comparing the token signature and the hash value of the token body.