When a successful authentication occurs, for either an application or a user, a unique token is assigned. Tokens are valid for the period of time specified as the 'Session Timeout' attribute.
The session timeout determines how long a session will be considered valid during any period of inactivity. This value is specified in minutes and must be greater than
To specify the session timeout,
Require Consistent Client IP Address
(Available since Crowd 2.5.2.)
Authenticated sessions can be tied to the IP address they were created from. This means that an attempt to use that session from another machine will fail, which will force mobile clients to reauthenticate when their IP address changes.
This setting can be disabled to relax that requirement, so a session can be used from any IP address. Note that changing this setting will invalidate any existing sessions, so you will be logged out after making this change.
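The behaviour described above (an inactivity timeout given in minutes, sessions tied to the IP address they were created from, and invalidation of existing sessions when the setting is changed) can be modelled as follows. This is an added illustrative sketch, not Crowd's code: the SessionStore class, its method names, and the choice to keep a session alive after a rejected attempt from another address are assumptions, and the sample addresses are constructed.

```python
import secrets
import time


class SessionStore:
    """Illustrative model of token validation; not Crowd's implementation."""

    def __init__(self, timeout_minutes, require_consistent_ip=True, clock=time.time):
        self.timeout_seconds = timeout_minutes * 60
        self.require_consistent_ip = require_consistent_ip
        self._clock = clock      # injectable so tests can control time
        self._sessions = {}      # token -> [client_ip, last_activity]

    def authenticate(self, client_ip):
        """Issue a unique token once credentials have been checked elsewhere."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = [client_ip, self._clock()]
        return token

    def validate(self, token, client_ip):
        """Return True if the token is known, not idle too long, and from the bound IP."""
        entry = self._sessions.get(token)
        if entry is None:
            return False
        bound_ip, last_activity = entry
        now = self._clock()
        if now - last_activity > self.timeout_seconds:
            del self._sessions[token]   # inactive for longer than the timeout
            return False
        if self.require_consistent_ip and client_ip != bound_ip:
            return False                # assumption: reject, keep the owner's session
        entry[1] = now                  # activity restarts the inactivity window
        return True

    def set_require_consistent_ip(self, enabled):
        """Changing the setting invalidates every existing session."""
        if enabled != self.require_consistent_ip:
            self.require_consistent_ip = enabled
            self._sessions.clear()


if __name__ == "__main__":
    store = SessionStore(timeout_minutes=30)
    token = store.authenticate("198.51.100.7")     # constructed sample address
    print(store.validate(token, "198.51.100.7"))   # same address as at login
    print(store.validate(token, "203.0.113.9"))    # same token, different address
    store.set_require_consistent_ip(False)         # setting change drops all sessions
    print(store.validate(token, "203.0.113.9"))
```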
To allow sessions to be used from any IP address,
Authentication Token Storage
Authentication tokens are used to validate application and user sessions. A token is stored for each active session. By default, they're kept in the Crowd database. Storing these tokens in memory can benefit performance, but with some significant drawbacks:
- Sessions will not be saved across Crowd restarts. If you restart Crowd, all your users will have to log in again.
- Clustering will not be possible. Atlassian does not officially support clustering Crowd, but a number of our customers are successfully using it in this manner. See this knowledge-base article.
Switching from database to in-memory token management does not require a restart of Crowd; nor will sessions be lost or validations failed. However, if you have lots of active sessions, and therefore lots of tokens, it can take some time to copy the token information. During this time, validation requests will be queued and Crowd will appear unresponsive to client applications.
As a guide, below are some benchmarks of time taken to switch from one form of token storage to the other. The measurements were taken on a quad-core Mac Pro, using a lightly-loaded PostgreSQL database:
Number of Tokens:
Database -> Memory
Memory -> Database
To switch the token storage location,
Screenshot: 'Session Config'
In-memory cache size
The size of the in-memory token cache is defined in the crowd-webapp/WEB-INF/classes/crowd-ehcache.xml file. The default should be acceptable for most cases. If you require more than 2048 concurrent sessions in memory, you may increase the size of the