--- title: OpenToken Token Generator Settings Reference description: Field descriptions for the OpenToken Token Generator configuration screen. component: opentoken page_id: opentoken:setup:pf_opentoken_generator_settings canonical_url: https://docs.pingidentity.com/integrations/opentoken/setup/pf_opentoken_generator_settings.html revdate: June 21, 2024 --- # OpenToken Token Generator Settings Reference Field descriptions for the OpenToken Token Generator configuration screen. **Table 1. Standard fields** | Field | Description | | ---------------- | --------------------------------------------------------------------------------------- | | Password | The password to use for generating the encryption key. Also known as the shared secret. | | Confirm Password | Must match the value entered in the Password field. | **Table 2. Advanced fields** | Field | Description | | ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Cipher Suite | The algorithm, cipher mode, and key size that should be used for encrypting the token.The default selected value is AES-128/CBC. | | Token Lifetime | The duration in seconds for which the token is valid. Valid range is 1 to 28800.The default value is `300` (5 minutes). | | Session Lifetime | The duration in seconds for which the token may be re-issued without authentication. Valid range is 1 to 259200.The default value is `43200` (12 hours). | | Not Before Tolerance | The amount of time in seconds to allow for clock skew between servers. Valid range is 0 to 3600.The default value is `0`. | | Force SunJCE Provider | If selected, the SunJCE provider is forced for encryption and decryption. | | Use Verbose Error Messages | If selected, use verbose TokenException messages. | | Obfuscate Password | If selected, the password will be obfuscated and password-strength validation will be applied. Clearing the checkbox allows backward compatibility with previous OpenToken agents. | | Skip Trimming of Backslashes | If not selected, it prevents insecure content from affecting the security of your application and the agent. Update your applications with the latest version of the agent.It is recommended to not change the value of this flag to avoid a negative security impact, such as someone maliciously adding slashes to exploit the system |