---
title: OpenToken Token Processor Settings Reference
description: Field descriptions for the OpenToken Token Processor configuration screen.
component: opentoken
page_id: opentoken:setup:pf_opentoken_token_processor_settings
canonical_url: https://docs.pingidentity.com/integrations/opentoken/setup/pf_opentoken_token_processor_settings.html
revdate: June 21, 2024
---

# OpenToken Token Processor Settings Reference

Field descriptions for the OpenToken Token Processor configuration screen.

**Standard fields**

| Field            | Description                                                                             |
| ---------------- | --------------------------------------------------------------------------------------- |
| Password         | The password to use for generating the encryption key. Also known as the shared secret. |
| Confirm Password | Must match the value entered in the Password field.                                     |

**Advanced fields**

| Field                              | Description                                                                                                                                                                                                                                     |
| ---------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Cipher Suite                       | The algorithm, cipher mode, and key size that should be used for encrypting the token.The default selected value is AES-128/CBC.                                                                                                                |
| Token Lifetime                     | The duration in seconds for which the token is valid. Valid range is 1 to 28800.The default value is `300` (5 minutes).                                                                                                                         |
| Session Lifetime                   | The duration in seconds for which the token may be re-issued without authentication. Valid range is 1 to 259200.The default value is `43200` (12 hours).                                                                                        |
| Not Before Tolerance               | The amount of time in seconds to allow for clock skew between servers. Valid range is 0 to 3600.The default value is `0`.                                                                                                                       |
| Force SunJCE Provider              | If selected, the SunJCE provider is forced for encryption and decryption.                                                                                                                                                                       |
| Use Verbose Error Messages         | If selected, use verbose TokenException messages.                                                                                                                                                                                               |
| Obfuscate Password                 | If selected, the password will be obfuscated and password-strength validation will be applied. Clearing the checkbox allows backward compatibility with previous OpenToken agents.                                                              |
| Skip Malformed Attribute Detection | If not selected, it prevents insecure content from affecting the security of your application/agent. It is recommended to update your applications with the latest version of the agent.It is recommended to not change the value of this flag. |