Authentication cache settings

Use this page to specify the authentication cache settings.

To view this admin console page, click Security > Global security > Authentication cache settings.

Enable authentication cache:

Specifies whether the authentication cache is enabled.

Leave the authentication cache enabled for performance reasons. However, we can disable the authentication cache for debugging or measurement purposes. When the cache is disabled, performance is impacted because the user registry is accessed to gather information about the user every time a user is authenticated. New tokens are then created for the user.

Default: Enabled

Cache timeout:

Time period after which the authenticated credential in the cache expires. Verify that this time period is less than the value of the Timeout value for forwarded credentials between servers field (the LTPA timeout).

If application server infrastructure security is enabled, the security cache timeout can influence performance. The timeout setting specifies how often to refresh the security-related caches. Security information pertaining to beans, permissions, and credentials is cached. When the cache timeout expires, all cached information not accessed within the timeout period is purged from the cache. Subsequent requests for the information result in a database lookup. On occasion, acquiring the information requires invoking an LDAP bind or native authentication. Both invocations are relatively costly operations for performance. Determine the best trade-off for the application by looking at usage patterns and security needs for the site.

The default security cache timeout value is 10 minutes. If we have a small number of users, set it higher than that; if we have a larger number of users, set it lower.

The LTPA timeout value should not be set lower than the security cache timeout. The LTPA timeout value should be set higher than the ORB request timeout value. However, there is no relation between the security cache timeout value and the ORB request timeout value.

Default: 10 minutes

Initial cache size:

Initial size of the hash table caches.

A higher number of available hash values might decrease the occurrence of hash collisions. A hash collision results in a linear search within the hash bucket, which might slow retrieval. If several entries compose a hash table cache, create a table with a larger capacity that supports more efficient hash entries instead of letting automatic rehashing determine the growth of the table. Rehashing causes every entry to move each time.

Default: 50

Maximum cache size:

Maximum size of the cache.

After this limit is reached, the least used entries are removed from the cache to make space for the new entries.

Default: 25000

Use basic authentication cache keys (password one-way hashed):

Uses the userName and the one-way hashed password as the lookup key in the cache.

Disable this only if we do not want this information to be stored in the cache. If this is disabled, every time a user logs in with userName and password, the user registry is accessed, which impacts performance.

Default: True
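
The following Python sketch is an added example, not product code: it models how the cache timeout, the maximum cache size and the basic authentication cache key interact, and why the timeout is a security trade-off as well as a performance one. The class AuthCache, the HMAC-SHA256 key derivation, the least-recently-used eviction and the sample registry are all assumptions made for illustration.

```python
import hashlib, hmac, os, time
from collections import OrderedDict

class AuthCache:
    """Toy model of the settings on this page; not the product's implementation."""
    def __init__(self, registry, timeout_s=600, max_size=25000, clock=time.monotonic):
        self.registry = registry          # constructed stand-in for the user registry
        self.timeout_s = timeout_s        # "Cache timeout" (default 10 minutes)
        self.max_size = max_size          # "Maximum cache size"
        self.clock = clock
        self.registry_lookups = 0         # counts the costly registry accesses
        self._hash_key = os.urandom(32)   # assumption: per-process key for the one-way hash
        self._entries = OrderedDict()     # (user, digest) -> (credential, last access time)

    def _key(self, user, password):
        # Lookup key = userName + one-way hash; the clear-text password is never stored.
        digest = hmac.new(self._hash_key, password.encode(), hashlib.sha256).hexdigest()
        return (user, digest)

    def authenticate(self, user, password):
        now = self.clock()
        # Purge every entry that was not accessed within the timeout period.
        for k in [k for k, (_, seen) in self._entries.items() if now - seen >= self.timeout_s]:
            del self._entries[k]
        key = self._key(user, password)
        if key in self._entries:          # hit: the registry is not consulted
            cred, _ = self._entries[key]
            self._entries[key] = (cred, now)
            self._entries.move_to_end(key)
            return cred
        self.registry_lookups += 1        # miss: go to the registry
        stored = self.registry.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            return None                   # failed logins are not cached
        cred = "token-for-" + user
        self._entries[key] = (cred, now)
        if len(self._entries) > self.max_size:
            self._entries.popitem(last=False)   # evict the least recently used entry
        return cred

def demo():
    now = [0.0]                                   # fake clock, in seconds
    cache = AuthCache({"alice": "s3cret"}, clock=lambda: now[0])
    cache.authenticate("alice", "s3cret")         # miss: registry lookup 1
    cache.authenticate("alice", "s3cret")         # hit: no registry access
    cache.registry["alice"] = "n3w-pass"          # password changed in the registry
    now[0] = 300
    served_from_cache = cache.authenticate("alice", "s3cret") is not None
    now[0] = 900                                  # idle for 600 s, so the entry is purged
    after_purge = cache.authenticate("alice", "s3cret")   # registry lookup 2, rejected
    return cache.registry_lookups, served_from_cache, after_purge
```

In this model a credential changed in the registry keeps being accepted from the cache until the entry has been idle for the full timeout, which is the security side of the trade-off described under Cache timeout.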

Use custom cache keys:

Enables custom cache keys to be used as the lookup keys in the authentication cache.

Default: True


