Authentication cache settings

Use this page to specify your authentication cache settings.

To view this administrative console page, click Security > Global security > Authentication cache settings.

Enable authentication cache

Specifies whether the authentication cache is enabled.

Leave the authentication cache enabled for performance reasons. However, you can disable the authentication cache for debug or measurement purposes. When the authentication cache is disabled, performance is affected because the user registry is accessed to gather information about the user each time a user is authenticated. New tokens are then created for the user.

Information Value
Default: Enabled

Cache timeout:

Specifies the time period after which the authenticated credential in the cache expires. Verify that this time period is less than the value of the Timeout value for forwarded credentials between servers field (the LTPA timeout).

If the application server infrastructure security is enabled, the security cache (WSSecureMap) timeout can influence performance. The timeout setting specifies how often to refresh the security-related caches. Security information pertaining to beans, permissions, and credentials is cached. When the cache timeout expires, all cached information not accessed within the timeout period is purged from the cache. Subsequent requests for the information result in a database lookup. On occasion, acquiring the information requires invoking a Lightweight Directory Access Protocol (LDAP)-bind or native authentication. Both invocations are relatively costly operations for performance. Determine the best trade-off for the application by looking at usage patterns and security needs for the site.

You must consider the following effects of this value on your configuration:
  • Larger authentication cache timeout values can increase the security risk. For example, you might revoke a user in the user registry or repository. However, the revoked user can still log in to the administrative console using the credential that is cached in the authentication cache until the cache is refreshed.
  • Smaller authentication cache timeout values can affect performance. When this value is smaller, the application server accesses the user registry or repository more frequently.
  • A larger number of entries in the authentication cache, caused by an increased number of users, increases the memory usage of the authentication cache. As a result, the application server might slow down.
You can limit the size of the authentication cache by setting the maximum cache size value. Set both the maximum cache size and the authentication cache timeout values to balance your security risk and performance needs.
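
The following added example is not part of the product documentation and is not the application server's code. It is a simplified model of the trade-off described above, showing how long a revoked user is still accepted for a given cache timeout and how many registry lookups each setting costs. The names Registry, AuthCache and revocation_window are hypothetical, and the model assumes a fixed expiry after an entry is cached, least-recently-used eviction, and HMAC-SHA-256 as the one-way hash.

```python
import hashlib, hmac, os
from collections import OrderedDict

class Registry:
    """Constructed stand-in for the user registry; counts every lookup."""
    def __init__(self, users):
        self.users, self.lookups = dict(users), 0
    def check(self, user, password):
        self.lookups += 1
        return self.users.get(user) == password

class AuthCache:
    """Simplified model (assumption): fixed expiry after caching, LRU eviction."""
    def __init__(self, registry, timeout_s=600, max_size=25000, enabled=True):
        self.registry, self.timeout_s = registry, timeout_s
        self.max_size, self.enabled = max_size, enabled
        self._secret = os.urandom(32)      # per-process key for the one-way hash
        self._entries = OrderedDict()      # cache key -> expiry time (seconds)
    def _key(self, user, password):
        # userName plus a one-way (keyed) hash of the password, never the password
        msg = f"{user}\0{password}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
    def authenticate(self, user, password, now):
        key = self._key(user, password) if self.enabled else None
        if key is not None:
            expiry = self._entries.get(key)
            if expiry is not None and now < expiry:
                self._entries.move_to_end(key)
                return True                # cache hit: registry is NOT consulted
            self._entries.pop(key, None)   # expired or absent
        if not self.registry.check(user, password):
            return False
        if key is not None:
            self._entries[key] = now + self.timeout_s
            while len(self._entries) > self.max_size:
                self._entries.popitem(last=False)   # evict least recently used
        return True

def revocation_window(timeout_s, enabled=True, revoke_at=60, step=30, horizon=1200):
    """Log in at t=0, revoke at revoke_at, retry every `step` seconds.
    Returns (seconds after revocation of the last accepted login, registry lookups)."""
    reg = Registry({"alice": "constructed-password"})
    cache = AuthCache(reg, timeout_s=timeout_s, enabled=enabled)
    cache.authenticate("alice", "constructed-password", 0)
    del reg.users["alice"]                 # user revoked in the registry
    accepted = [t for t in range(revoke_at, horizon, step)
                if cache.authenticate("alice", "constructed-password", t)]
    return (accepted[-1] - revoke_at if accepted else 0), reg.lookups
```

With the default 10-minute timeout, the revoked user in this model is still accepted 510 seconds after revocation. A 2-minute timeout shortens that to 30 seconds at the cost of more registry lookups, and a disabled cache rejects the user immediately but consults the registry on every attempt.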

The LTPA timeout value should be set to a greater value than the ORB request timeout value. However, there is no relation between the security cache timeout value and the ORB request timeout value. For more information on the LTPA timeout value, see the documentation about authentication mechanisms and expiration. For more information on the ORB request timeout value, see the documentation about the Object Request Broker service settings.

Information Value
Default: 10 minutes

Initial cache size:

Specifies the initial size of the hash table caches.

A greater number of available hash values might decrease the occurrence of hash collisions. A hash collision results in a linear search of the hash bucket, which might decrease retrieval performance. If several entries compose a hash table cache, create a table with a larger capacity that supports more efficient hash entries instead of letting automatic rehashing determine the growth of the table. Rehashing causes every entry to move each time.

Information Value
Default: 50

Maximum cache size

Indicates the maximum size of the cache.

After this limit is reached, the least used entries are removed from the cache to make space for the new entries.

Information Value
Default: 25000

Use basic authentication cache keys (password one-way hashed):

Caches the userName and the one-way hashed password as the key lookup in the cache.

Disable this only if you do not want this information to be stored in the cache. If this is disabled, every time a user logs in with userName and password, the user registry is accessed, which impacts performance.

Information Value
Default: True