Cache Configuration
To configure the Token Server Engine cache time to live (TTL), go to the Configuration section of the administration console, then System, and choose the Cache tab.
The picture below shows the Cache view in the Admin Console with an example configuration.
The table below describes the cache properties that can be configured.
Note: Changes to the TTL values will only affect new entries. The TTL values of existing entries will not be updated.
Cache name | Default TTL (seconds) | Note |
---|---|---|
Mobile authentication | 300 (5 minutes) | Maximum time mobile authentication transaction data is kept in cache. When expired, the transaction is gone and the client needs to restart mobile authentication. |
SAML single logout | 300 (5 minutes) | Maximum time session identifiers are stored in cache to perform Single Logout towards SAML identity providers, including Onegini CIM. When expired, the user is not sent to the SAML identity provider during logout. This field is available in the form if the SLO enabled option in the SAML Service Provider Configuration is enabled. |
Device registration identifiers | 604800 (7 days) | This determines how long the device registration id is kept between the Dynamic Client Registration challenge and response. It minimizes the probability of reusing the same UUID values. |
Messages | 300 (5 minutes) | This determines how long translations are kept in cache. When they expire, they will be retrieved again. |
Identity Provider User Info | 3600 (1 hour) | The user identity contains profile attributes for a user from an external identity provider. When this cache expires, the entries will be retrieved again. |
DUM person reports | 3600 (1 hour) | The DUM person reports cache contains group membership information for a user. When this cache expires, the entries will be retrieved again. |
Identity provider SAML metadata | 86400 (1 day) | This will determine how often the metadata will be fetched from the SAML Identity Provider if it is configured to use the Metadata URI. When the cache entry expires, the metadata is fetched from the identity provider again. |
Geolocation lookup | 86400 (1 day) | This will determine how often the same IP address and user-agent should be checked in the external service. |
Onegini CIM's external idp list | 86400 (1 day) | The external IdPs are passed when the user opens the mobile app. When this cache expires, the entries will be retrieved again. |
PrivateKeyJWT validation JWKs URI | 604800 (7 days) | This will determine how much time the JWK Set returned by a JWKs URI configured for a given client will be cached. When this cache expires, the entries will be retrieved again. |
Clearing Cache
The Admin Console can clear the caches that are meant to improve performance. Testing user flows can be a reason to clear these caches. Caches related to sessions or transactions cannot be cleared, because clearing them may affect active users of the system.
Clicking the Clear button for a specific cache will clear it asynchronously in Redis.