The <ResultCache> element specifies the manner in which results may be cached for subsequent lookups.

Known Security Issue

The <ResultCache> element in IdP versions before 3.3.0 has a serious security issue when used in conjunction with the LDAP connector, as described in security advisory 20161027. If you are using a vulnerable version of the IdP then you should not use this element in new deployments, and you should remove it from existing deployments.

The <ResultCache> element can be used safely with LDAP starting with IdP version 3.3.0.

Schema Name and Location

This element is defined in the urn:mace:shibboleth:2.0:resolver namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd

Example

<ResultCache maximumCachedElements="100"/>

Configuration Reference

Attributes

The <ResultCache> element has two optional attributes:

Name	Type	Default	Description
`maximumCachedElements`	Integer	500	Maximum number of entries the cache may contain
`expireAfterAccess`^3.4	Duration	PT4H	Duration since last use after which any entry will be removed from the cache. The duration is reset on each access.
`expireAfterWrite`^3.4	Duration		Duration after which any entry will be removed from the cache. The duration is from first use.
`elementTimeToLive`	Duration	Deprecated^3.4	Duration, since last use, after which any entry will be removed from the cache Deprecated as of V3.4, use the more precisely-named `expireAfterAccess`

Child Elements

No child elements are defined.

Notes

The caching specified by the <ResultCache> element can instead be defined by specifying a <ResultCacheBean> element on the data connector, which allows for complete replacement of cache result handling.

Browser not supported