The <ResultCache> element specifies the manner in which results may be cached for subsequent lookups.
Known Security Issue
The <ResultCache> element in IdP versions before 3.3.0 has a serious security issue, as described in security advisory 20161027. If you are using a vulnerable version of the IdP then you should not use this element in new deployments, and you should remove it from existing deployments.
The <ResultCache> element can be used safely starting with IdP version 3.3.0.
Schema Name and Location
This element is defined in the urn:mace:shibboleth:2.0:resolver namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
Example
<ResultCache maximumCachedElements="100"/>
Configuration Reference
Attributes
The <ResultCache> element has two optional attributes:
| Name | Type | Default | Description |
|---|---|---|---|
| Integer | 500 | Maximum number of entries the cache may contain |
| Duration | PT4H | Duration after which any entry will be removed from the cache. The duration is reset on each access. |
| Duration | Duration after which any entry will be removed from the cache. The duration is from first use. | |
| Duration | Deprecated 3.4 | Duration after which any entry will be removed from the cache Deprecated as of V3.4, use expireAfterAccess |
Child Elements
No child elements are defined.
Notes
<ResultCache> element can instead be defined by specifying a <ResultCacheBean> element on the data connector, which allows for complete replacement of cache result handling.