Skip to content

Cache Configuration

In order to configure Token Server Engine cache time to live, go to the Configuration section of the administration console, then System and choose the Cache tab.

The picture below shows the Cache view in the Admin Console with an example configuration.

Cache Configuration

The table below describes the cache properties that can be configured.

Note: Changes to the TTL values will only affect new entries. The TTL values of existing entries will not be updated.

Cache name Default TTL (seconds) Note
Mobile authentication 300 (5 minutes) Maximum time mobile authentication transaction data is kept in cache. When expired, the transaction is gone and the client needs to restart mobile authentication.
SAML single logout 300 (5 minutes) Maximum time session identifiers are stored in cache to perform Single Logout towards SAML identity providers, including Onegini CIM. When expired, the user is not sent to the SAML identity provider during logout. This field is available in the form if the SAML Service Provider Configuration SLO enabled is enabled.
Device registration identifiers 604800 (7 days) This will determine how much time the device registration id is kept between Dynamic Client Registration challenge and response. It minimizes probability of reusing the same UUID values.
Messages 300 (5 minutes) This determines how long translations are kept in cache. When they expire, they will be retrieved again.
Identity Provider User Info 3600 (1 hour) The user identity contains profile attributes for a user from an external identity provider. When this cache expires, the entries will be retrieved again.
DUM person reports 3600 (1 hour) The DUM person reports cache contains group membership information for a user. When this cache expires, the entries will be retrieved again.
Identity provider SAML metadata 86400 (1 day) This will determine how often the metadata will be fetched from the SAML Identity Provider if it is configured to use the Metadata URI. When the cache entry expires, the metadata is fetched from the identity provider again.
Geolocation lookup 86400 (1 day) This will determine how often the same IP address and user-agent should be checked in the external service.
Onegini CIM's external idp list 86400 (1 day) The external IdPs are passed when the user opens the mobile app. When this cache expires, the entries will be retrieved again.
PrivateKeyJWT validation JWKs URI 604800 (7 days) This will determine how much time the JWK Set returned by a JWKs URI configured for a given client will be cached. When this cache expires, the entries will be retrieved again.

Clearing Cache

The Admin console has the ability to clear caches that are meant to improve the performance. Testing user flows can be a reason to clear these caches. Caches related to sessions or transactions are not clearable as it may affect active users of the system.

Clicking the Clear button for a specific cache will clear it asynchronously in Redis.