The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.
ResultCache
- Rod Widdowson
- Scott Cantor
- Ian Young
The <ResultCache> element specifies the manner in which results may be cached for subsequent lookups.
Known Security Issue
The <ResultCache> element in IdP versions before 3.3.0 has a serious security issue when used in conjunction with the LDAP connector, as described in security advisory 20161027. If you are using a vulnerable version of the IdP then you should not use this element in new deployments, and you should remove it from existing deployments.
The <ResultCache> element can be used safely with LDAP starting with IdP version 3.3.0.
Schema Name and Location
This element is defined in the urn:mace:shibboleth:2.0:resolver namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
Example
<ResultCache maximumCachedElements="100"/>
Configuration Reference
Attributes
The <ResultCache> element has two optional attributes:
| Name | Type | Default | Description |
|---|---|---|---|
| Integer | 500 | Maximum number of entries the cache may contain |
| Duration | PT4H | Duration since last use after which any entry will be removed from the cache. The duration is reset on each access. |
| Duration | Duration after which any entry will be removed from the cache. The duration is from first use. | |
| Duration | Deprecated 3.4 | Duration, since last use, after which any entry will be removed from the cache Deprecated as of V3.4, use the more precisely-named expireAfterAccess |
Child Elements
No child elements are defined.
Notes
<ResultCache> element can instead be defined by specifying a <ResultCacheBean> element on the data connector, which allows for complete replacement of cache result handling.