Changing the authentication caching policy

The authentication cache stores authentication results so that the system does not spend resources reauthenticating the same credentials.

About this task

Each entry in the cache must have a unique key. With a match against a unique key, the cache returns the results from the previous authentication.

A protocol TTL is available only with SAML.

The approach differs depending on how you define the configuration.
  • In the wizard, click Advanced.
  • In the generic configuration, the same caching properties are available for every authentication method.

Procedure

  1. Specify how to manage the caching of authentication failures. By default, the system caches all failures.
    Default
    Caches all failures.
    Disable for all failures
    Caches no failures.
    Disable for only LDAP connection failures
    Caches failures except LDAP connection errors. Valid only when the authentication method is Bind to LDAP server.
  2. Specify how to control the caching of AAA authentication results. The default value is absolute.
    Absolute
    Caches the results for the duration that is specified by the cache lifetime. The lifetime is the explicit time-to-live (TTL).
    Disabled
    Disables caching. The system does not cache results.
    Maximum
    Compares the explicit TTL to the protocol TTL, if any. The effective TTL is the lesser of the two values. If the explicit TTL is 5 and the protocol TTL is 10, the effective TTL is 5. Without a protocol TTL, this setting is equivalent to absolute.
    Minimum
    Compares the explicit TTL to the protocol TTL, if any. The effective TTL is the greater of the two values. If the explicit TTL is 5 and the protocol TTL is 10, the effective TTL is 10. Without a protocol TTL, the effective TTL is 86400.
  3. Specify the duration to cache authentication decisions. Enter a value in the range 1 - 86400. The default value is 3.
  4. In the wizard, click Next.
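
The choices in steps 1 to 3, modeled as an added Python example (not product code) so the effect of each combination can be checked before it is configured. The mode and policy strings, the function names and the AuthCache class are hypothetical, and the model assumes failures are cached with the same effective TTL as successes.

```python
from dataclasses import dataclass, field

MAX_TTL = 86400  # top of the cache lifetime range; also the "Minimum" fallback

def effective_ttl(mode, explicit_ttl, protocol_ttl=None):
    """TTL the cache applies under the given mode; None means no caching."""
    if not 1 <= explicit_ttl <= MAX_TTL:
        raise ValueError("cache lifetime must be in the range 1 - 86400")
    if mode == "disabled":
        return None
    if mode == "absolute":
        return explicit_ttl
    if mode == "maximum":  # explicit TTL is a ceiling: lesser value wins
        return explicit_ttl if protocol_ttl is None else min(explicit_ttl, protocol_ttl)
    if mode == "minimum":  # explicit TTL is a floor: greater value wins
        return MAX_TTL if protocol_ttl is None else max(explicit_ttl, protocol_ttl)
    raise ValueError(f"unknown cache mode: {mode}")

def caches_failure(policy, ldap_connection_error=False):
    """Whether a failed authentication is stored under the failure policy."""
    if policy == "default":
        return True
    if policy == "disable-all":
        return False
    if policy == "disable-ldap-connection":
        return not ldap_connection_error
    raise ValueError(f"unknown failure policy: {policy}")

@dataclass
class AuthCache:
    mode: str = "absolute"
    explicit_ttl: int = 3
    failure_policy: str = "default"
    entries: dict = field(default_factory=dict)  # key -> (result, expiry)

    def store(self, key, ok, now, protocol_ttl=None, ldap_connection_error=False):
        """Cache one result; returns False when policy says not to cache it."""
        ttl = effective_ttl(self.mode, self.explicit_ttl, protocol_ttl)
        if ttl is None or (not ok and not caches_failure(self.failure_policy, ldap_connection_error)):
            return False
        self.entries[key] = (ok, now + ttl)  # assumption: failures share the TTL
        return True

    def lookup(self, key, now):
        """Cached result (True/False), or None on a miss or an expired entry."""
        result, expiry = self.entries.get(key, (None, now))
        if now >= expiry:
            self.entries.pop(key, None)
            return None
        return result
```

Under Minimum with no protocol TTL, an entry lives for 86400, so a credential that is revoked after it was cached keeps matching until the entry expires.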