The <ResultCache>
element specifies the manner in which results may be cached for subsequent lookups.
Known Security Issue
The <ResultCache>
element in IdP versions before 3.3.0 has a serious security issue, as described in security advisory 20161027. If you are using a vulnerable version of the IdP then you should not use this element in new deployments, and you should remove it from existing deployments.
The <ResultCache>
element can be used safely starting with IdP version 3.3.0.
Schema Name and Location
This element is defined in the urn:mace:shibboleth:2.0:resolver
namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
Example
<ResultCache maximumCachedElements="100"/>
Configuration Reference
Attributes
The <ResultCache>
element has two optional attributes:
Name | Type | Default | Description |
---|---|---|---|
| Integer | 500 | Maximum number of entries the cache may contain |
| Duration | PT4H | Duration after which any entry will be removed from the cache. The duration is reset on each access. |
| Duration | Duration after which any entry will be removed from the cache. The duration is from first use. | |
| Duration | Deprecated 3.4 | Duration after which any entry will be removed from the cache Deprecated as of V3.4, use expireAfterAccess |
Child Elements
No child elements are defined.
Notes
<ResultCache>
element can instead be defined by specifying a <ResultCacheBean>
element on the data connector, which allows for complete replacement of cache result handling.