Authorization Caching
Caching is used to store run-time authentication and authorization rules, which can be expensive to calculate.
This page describes the cache that can be configured on the Crowd server, to store users' authentication and per-application permissions for a specified period. For an overview of the other types of caching offered by Crowd, refer to Overview of Caching.
Caching of Users' Application Permissions on the Crowd Server — The Authorization Cache
Crowd can store users’ authentication status and per-application permissions in a local cache for a set period after retrieving this information from the directory and application data. The cache helps answer these questions:
- For a particular user: Is the user authenticated?
- For a particular user and application: Does the user have access to the application?
This feature is sometimes called the authorization cache or the "has access" cache.
We recommend keeping the cache enabled on the Crowd server for better performance. This is the default configuration.
When caching is enabled, users will continue to have access to applications for a short time after their username or permissions are removed. Access is retained until the server-side cache expires. Only disable the cache if you need changes to user access or permissions to take effect immediately.
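The revocation delay described above can be seen in a small model of a time-limited "has access" cache. This is an added example, not Crowd's code: the class, the function names, the 300-second lifetime, the user and application names, and the choice to cache both allow and deny results are all assumptions made for illustration.

```python
import time


class AuthorizationCache:
    """Toy model of a server-side "has access" cache keyed by (user, application)."""

    def __init__(self, lookup, ttl_seconds, enabled=True, clock=time.monotonic):
        self._lookup = lookup      # stands in for the expensive directory/application check
        self._ttl = ttl_seconds    # constructed value, not a Crowd default
        self._enabled = enabled
        self._clock = clock
        self._entries = {}         # (user, app) -> (decision, expires_at)

    def has_access(self, user, app):
        if not self._enabled:
            return self._lookup(user, app)        # every call sees current data
        now = self._clock()
        hit = self._entries.get((user, app))
        if hit is not None and now < hit[1]:
            return hit[0]                         # possibly stale answer
        decision = self._lookup(user, app)
        # Assumption of this model: both allow and deny results are cached.
        self._entries[(user, app)] = (decision, now + self._ttl)
        return decision


def revocation_lag(ttl_seconds, enabled, step=10, horizon=3600):
    """Seconds after a revocation at which has_access first returns False."""
    grants = {("alice", "example-app")}           # constructed sample data
    now = [0.0]                                   # fake clock, so no real waiting
    cache = AuthorizationCache(lambda u, a: (u, a) in grants,
                               ttl_seconds, enabled, clock=lambda: now[0])
    cache.has_access("alice", "example-app")      # warm the cache at t=0
    grants.clear()                                # access is removed at t=0
    while now[0] <= horizon:
        if not cache.has_access("alice", "example-app"):
            return now[0]
        now[0] += step
    return None


if __name__ == "__main__":
    print("cache enabled :", revocation_lag(300, True), "s until access is denied")
    print("cache disabled:", revocation_lag(300, False), "s until access is denied")
```

In this model the removed user keeps access for the full cache lifetime when caching is enabled and loses it on the next check when caching is disabled.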
To enable caching of user-to-application permissions on the Crowd server:
- Log in to the Crowd Administration Console.
- In the top navigation bar, go to Settings.
- Select Enable Authorization Caching.
- Select Save.
Some applications may enable/disable caching based on the Crowd server setting
The Crowd API allows an application to query whether caching is enabled on the Crowd server (isCacheEnabled). The Crowd Java client does not make use of this API feature, because it makes more sense to have application caching configured entirely on the application side. If you have a Crowd-integrated custom application which does make use of this API call, then the setting on the Crowd server will affect your application-side caching as well.
Control Caching Behavior with Properties
You can use the following properties to manage authentication caching. For details, see How to configure system properties.
| Property name | Default value | Description |
|---|---|---|
| The same as | Sets how long, in minutes, a user’s authentication state stays cached. |
|
| When set to |