This knowledge article may contain information that does not apply to version 21.05 or later which runs in a container environment. Please refer to Article Number 000385088 for more information about troubleshooting BMC products in containers.

For 9.1.00 ...Till 9.1.05 ( includes 1802, 1805 )   Release:
The JWT token expiry is governed by the configuration parameter “External-Authentication-Sync-Timeout” in the ar.cfg/ar.conf file. 
The default value of this parameter is 3600 seconds. There is no max limit. If you set this value to 0 then it will go to the default 3600 seconds as well.
REST API tokens will expire at whatever value is set in this parameter.

For Remedy AR System Server 1808, 1902, and forward releases(9.1.06 or higher) :
With former remedy releases, we have a separate parameter to control the specific restAPI session and we do not need to change the complete external authentication sync timeout.

It is recommended to perform configuration in the Centralized Configuration under the correct component name. Manually adding these parameters to ar.cfg/conf may not work.

Under the centralized configuration console in the AR system Administration settings

1) Select com.bmc.arsys.server.shared component settings.

2) Add Rest-Authentication-Token-Timeout, the value is to be specified in seconds.
For instance, for 2 hours of timeout for a restAPI user session, the customer can set Rest-Authentication-Token-Timeout as 7200.
The maximum allowed value for this parameter is 28800 (8 hours).
When a value greater than 28800 (8 hours) is set, it will be reset to this value after saving the configuration because 28800 is the maximum value that can be set for this configuration.

Related information:
Remedy - AR System Mid Tier - What are the impacts of using a large Rest-Authentication-Token-Timeout value in BMC Remedy AR System?

3) Add  Session-Absolute-Timeout, the value is to be specified in seconds.
For instance, for 2 hours of timeout for restAPI user session, the customer can set Session-Absolute-Timeout as 7200.

Adding a Note :- If a customer is a SaaS Customer and customer's RSSO is on a shared RSSO, then these parameters can not be set to a shared RSSO.

>> Firstly, the RSSO will be needed to switched to a dedicated RSSO.