The authentication cache stores authentication data to reduce the resources spent
reauthenticating the same credentials.
About this task
Each entry in the cache must have a unique key. With a match against a unique key, the cache
returns the results from the previous authentication.
A protocol TTL is available only with SAML.
The approach differs depending on how you are defining the configuration.
- In the wizard, click Advanced.
- In the generic configuration, each authentication method provides these properties, which apply
to any authentication method.
Procedure
- Specify how to manage the caching of authentication failures. By default, all failures are
cached.
  - Default: Caches all failures.
  - Disable for all failures: Caches no failures.
  - Disable for only LDAP connection failures: Caches failures except LDAP connection errors.
    Valid only when the authentication method is Bind to LDAP server.
- Specify how to control the caching of AAA authentication results. The default value is
Absolute.
  - Absolute: Caches the results for the duration that is specified by the cache lifetime. The
    lifetime is the explicit time-to-live (TTL).
  - Disabled: Disables caching. The system does not cache results.
  - Maximum: Compares the explicit TTL to the protocol TTL, if any. The effective TTL is the
    lesser of the two values. For example, if the explicit TTL is 5 and the protocol TTL is 10,
    the effective TTL is 5. Without a protocol TTL, this setting is equivalent to Absolute.
  - Minimum: Compares the explicit TTL to the protocol TTL, if any. The effective TTL is the
    greater of the two values. For example, if the explicit TTL is 5 and the protocol TTL is 10,
    the effective TTL is 10. Without a protocol TTL, the effective TTL is 86400.
- Specify the duration to cache authentication decisions. Enter a value in the range 1 -
86400. The default value is 3.
- In the wizard, click Next.
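
The cache modes and failure-caching options in this procedure, modeled as an added Python example (not product code). The mode and policy strings, the outcome labels, and the `AuthCache` class are names assumed for illustration, and `now` is expressed in the same unit as the TTL.

```python
MAX_TTL = 86400  # upper end of the cache lifetime range given on this page

def effective_ttl(mode, explicit_ttl=3, protocol_ttl=None):
    """TTL applied to a cached result; None means the result is not cached."""
    if not 1 <= explicit_ttl <= MAX_TTL:
        raise ValueError("cache lifetime must be in the range 1 - 86400")
    if mode == "disabled":
        return None
    if mode == "absolute":
        return explicit_ttl
    if mode == "maximum":  # explicit TTL caps the protocol TTL
        return explicit_ttl if protocol_ttl is None else min(explicit_ttl, protocol_ttl)
    if mode == "minimum":  # explicit TTL is a floor under the protocol TTL
        return MAX_TTL if protocol_ttl is None else max(explicit_ttl, protocol_ttl)
    raise ValueError(f"unknown cache mode: {mode}")

def caches_outcome(failure_policy, outcome):
    """outcome is 'success', 'failure' or 'ldap-connection-failure' (model labels)."""
    if outcome == "success" or failure_policy == "default":
        return True
    if failure_policy == "disable-all":
        return False
    if failure_policy == "disable-ldap-failure":
        return outcome != "ldap-connection-failure"
    raise ValueError(f"unknown failure policy: {failure_policy}")

class AuthCache:
    """Toy model: one entry per unique key, each with its own expiry time."""
    def __init__(self, mode="absolute", explicit_ttl=3, failure_policy="default"):
        self.mode, self.explicit_ttl, self.failure_policy = mode, explicit_ttl, failure_policy
        self.entries = {}  # key -> (outcome, expires_at)

    def store(self, key, outcome, now, protocol_ttl=None):
        ttl = effective_ttl(self.mode, self.explicit_ttl, protocol_ttl)
        if ttl is not None and caches_outcome(self.failure_policy, outcome):
            self.entries[key] = (outcome, now + ttl)

    def lookup(self, key, now):
        """Return the cached outcome, or None when the backend must be asked again."""
        outcome, expires_at = self.entries.get(key, (None, 0))
        if outcome is not None and now >= expires_at:
            del self.entries[key]  # expired: force reauthentication
            return None
        return outcome
```

In Minimum mode without a protocol TTL, every cached decision, including a cached failure under the Default failure setting, is served from the cache for the full 86400 lifetime in this model.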