Interesting bit we discovered - if your super admin account's password has expired - the WSI token is rejected when authenticating until you log in thru the admin and reset the password.
Question it raises is - can we set the PasswordChanged date on that admin to 30 years ahead (or some such) and have it never expire or is there something else that triggers that reset?
Or is there some other way to authenticate that doesn't expire such as is done with a conn string in sql? Having a constantly expiring password at an application level would be very cumbersome, difficult to manage and potentially a huge issue if resources who knew the password left, etc.