Authorization Caching
Caching is used to store run-time authentication and authorization rules, which can be expensive to calculate.
This page describes the cache that can be configured on the Crowd server, to store users' authentication and per-application permissions for a specified period. For an overview of the other types of caching offered by Crowd, please refer to Overview of Caching.
Caching of Users' Application Permissions on the Crowd Server — The Authorization Cache
Crowd can store users' authentication and per-application permissions in a local cache for a specified period after retrieving the information from the directory and application data. The cached data will answer the following questions:
- For a particular user: Is the user authenticated?
- For a particular user and application: Does the user have access to the application?
You might call this the 'has access' cache, or the 'authorization cache'.
Recommended setting: Enabled. For performance reasons, we recommend that the cache be enabled on the Crowd server. This is the default setting.
The effect of caching the data is that users will retain access to applications for a period after their username or permission has been removed, i.e. until the server-side cache expires. You should disable the cache only if you need immediate results when removing users or their permissions.
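The revocation delay described above can be seen in a small model of a 'has access' cache. This is an added example, not Crowd's code: the class and function names, the 60-second expiry and the sample user and application are all assumptions made for illustration.

```python
# Illustrative model only, not Crowd's implementation.
# All names, the 60 s expiry and the sample data are assumptions.
from typing import Callable, Dict, Set, Tuple

Key = Tuple[str, str]  # (username, application)


class HasAccessCache:
    """Caches answers to 'does this user have access to this application?'."""

    def __init__(self, lookup: Callable[[str, str], bool],
                 clock: Callable[[], float], ttl: float, enabled: bool = True):
        self.lookup, self.clock, self.ttl, self.enabled = lookup, clock, ttl, enabled
        self._entries: Dict[Key, Tuple[bool, float]] = {}  # key -> (answer, expiry)

    def has_access(self, user: str, app: str) -> bool:
        if not self.enabled:
            return self.lookup(user, app)      # always the authoritative answer
        now = self.clock()
        hit = self._entries.get((user, app))
        if hit and now < hit[1]:
            return hit[0]                      # cached answer, possibly stale
        answer = self.lookup(user, app)
        self._entries[(user, app)] = (answer, now + self.ttl)
        return answer


def revocation_timeline(enabled: bool, ttl: float = 60.0):
    """Check at t=0, revoke at t=10, then check again at t=11, t=59 and t=60."""
    grants: Set[Key] = {("alice", "wiki")}     # constructed sample data
    now = [0.0]                                # fake clock, in seconds
    cache = HasAccessCache(lambda u, a: (u, a) in grants,
                           lambda: now[0], ttl, enabled)
    results = [cache.has_access("alice", "wiki")]   # t=0: populates the cache
    now[0] = 10.0
    grants.discard(("alice", "wiki"))          # permission removed at the source
    for t in (11.0, 59.0, 60.0):
        now[0] = t
        results.append(cache.has_access("alice", "wiki"))
    return results


if __name__ == "__main__":
    print("cache enabled :", revocation_timeline(True))
    print("cache disabled:", revocation_timeline(False))
```

With the cache enabled, the removed permission keeps returning "has access" until the entry expires; with it disabled, the first check after removal is already denied.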
To enable caching of user-to-application permissions on the Crowd server:
- Log in to the Crowd Administration Console.
- Click the 'Administration' tab in the top navigation bar.
- The 'General Options' screen will appear. Put a tick in the 'Enable Authorization Caching' checkbox.
- Click the 'Update' button.
Screenshot: 'Caching'
Some applications may enable/disable caching based on the Crowd server setting
The Crowd API allows an application to query whether caching is enabled on the Crowd server (isCacheEnabled). The Crowd Java client does not make use of this API feature, because it makes more sense to have application caching configured entirely on the application side. If you have a Crowd-integrated custom application which does make use of this API call, then the setting on the Crowd server will affect your application-side caching as well.
RELATED TOPICS
- Overview of Caching
- Configuring Caching for an LDAP Directory
- Configuring Caching for an Application