Use this page to specify your authentication cache settings.
To view this administrative console page, click Security > Global security > Authentication cache settings.
Specifies whether to disable the authentication cache.
Leave the authentication cache enabled for performance reasons. However, you can disable the authentication cache for debug or measurement purposes. When the authentication cache is disabled, performance is impacted because the user registry is accessed to gather information about the user every time a user is authenticated, and new tokens are then created for the user.
Default: Enabled
Specifies the time period at which the authenticated credential in the cache expires. Verify that this time period is less than the value for the LTPA timeout value for forwarded credentials between servers field (the LTPA timeout).
If the application server infrastructure security is enabled, the security cache timeout can influence performance. The timeout setting specifies how often to refresh the security-related caches. Security information pertaining to beans, permissions, and credentials is cached. When the cache timeout expires, all cached information not accessed within the timeout period is purged from the cache. Subsequent requests for the information result in a database lookup. On occasion, acquiring the information requires invoking a Lightweight Directory Access Protocol (LDAP)-bind or native authentication. Both invocations are relatively costly operations for performance. Determine the best trade-off for the application by looking at usage patterns and security needs for the site.
The LTPA timeout value should not be set lower than the security cache timeout value. The LTPA timeout value should be set higher than the ORB request timeout value. However, there is no relation between the security cache timeout value and the ORB request timeout value. For more information on the LTPA timeout value, see the documentation about authentication mechanisms and expiration. For more information on the ORB request timeout value, see the documentation about the Object Request Broker service settings.
Default: 10 minutes
Specifies the initial size of the hash table caches.
A higher number of available hash values might decrease the occurrence of hash collisions. A hash collision results in a linear search of the hash bucket, which might slow retrieval. If several entries compose a hash table cache, create a table with a larger capacity that supports more efficient hash entries instead of allowing automatic rehashing to determine the growth of the table. Rehashing causes every entry to move each time.
Default: 50
Indicates the maximum size of the cache.
After this limit is reached, the least used entries are removed from the cache to make space for the new entries.
Default: 25000
Caches the userName and the one-way hashed password as the key lookup in the cache.
Disable this only if you do not want this information to be stored in the cache. If this is disabled, every time a user logs in with userName and password, the user registry is accessed, which impacts performance.
Default: True
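The following added example (not product code and not taken from the original page) is a simplified model of how the cache timeout, the maximum cache size, and the userName plus hashed-password key described above interact, and why the timeout bounds how long a cached credential keeps being served after the registry changes. The class name, the HMAC-SHA256 hash, the least-recently-used eviction order, and the sample registry are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import OrderedDict


class AuthCacheModel:
    """Toy model of the settings on this page; not the product's implementation."""

    def __init__(self, registry, timeout_s=600, max_size=25000, basic_auth_keys=True):
        self.registry = registry        # stand-in user registry: {userName: password}
        self.timeout_s = timeout_s      # cache timeout (page default: 10 minutes)
        self.max_size = max_size        # maximum cache size (page default: 25000)
        self.basic_auth_keys = basic_auth_keys
        self._hmac_key = os.urandom(32) # assumption: the page does not name the hash
        self.entries = OrderedDict()    # key -> (credential, last_access_time)
        self.registry_lookups = 0

    def _key(self, user, password):
        digest = hmac.new(self._hmac_key, password.encode(), hashlib.sha256).digest()
        return (user, digest)           # userName + one-way hashed password

    def login(self, user, password, now):
        # Purge everything not accessed within the timeout period.
        for k in [k for k, (_, seen) in self.entries.items() if now - seen >= self.timeout_s]:
            del self.entries[k]
        key = self._key(user, password) if self.basic_auth_keys else None
        if key in self.entries:         # cache hit: the registry is not consulted
            cred = self.entries[key][0]
            self.entries[key] = (cred, now)
            self.entries.move_to_end(key)
            return cred
        self.registry_lookups += 1      # cache miss: costly registry access
        if self.registry.get(user) != password:
            return None
        cred = "credential:" + user
        if key is not None:
            while len(self.entries) >= self.max_size:
                self.entries.popitem(last=False)  # assumption: evict least recently used
            self.entries[key] = (cred, now)
        return cred


def demo():
    registry = {"alice": "old-pw"}      # constructed sample data
    cache = AuthCacheModel(registry, timeout_s=600)
    first = cache.login("alice", "old-pw", now=0)
    registry["alice"] = "new-pw"        # password changes in the registry
    within = cache.login("alice", "old-pw", now=300)  # still answered from the cache
    after = cache.login("alice", "old-pw", now=901)   # purged, registry rejects it
    return first, within, after, cache.registry_lookups
```

In the model, a shorter timeout narrows the window in which the old password is still accepted, at the cost of more registry lookups; with `basic_auth_keys=False` every login goes to the registry.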
Enables custom cache keys to be used as the key lookups in the authentication cache.
Default: True