<ResultCache> element specifies the manner in which results may be cached for subsequent lookups.
Known Security Issue
<ResultCache> element in IdP versions before 3.3.0 has a serious security issue when used in conjunction with the LDAP connector, as described in security advisory 20161027. If you are using a vulnerable version of the IdP then you should not use this element in new deployments, and you should remove it from existing deployments.
<ResultCache> element can be used safely with LDAP starting with IdP version 3.3.0.
Schema Name and Location
This element is defined in the
urn:mace:shibboleth:2.0:resolver namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
<ResultCache> element has two optional attributes:
|Integer||500 ||Maximum number of entries the cache may contain|
|Duration||PT4H||Duration since last use after which any entry will be removed from the cache. The duration is reset on each access.|
|Duration||Duration after which any entry will be removed from the cache. The duration is from first use.|
|Duration||Deprecated 3.4||Duration, since last use, after which any entry will be removed from the cache|
Deprecated as of V3.4, use the more precisely-named
No child elements are defined.
The caching specified by the
<ResultCache> element can instead be defined by specifying a
<ResultCacheBean> element on the data connector, which allows for complete replacement of cache result handling.