This timeout value determines how long the authenticated credential in the cache remains valid.
The optimal value for this field depends on your configuration.
You must consider the following effects of this value on your configuration:
- Larger authentication cache timeout values can increase the security
risk. For example, you might revoke a user in the user registry or
repository. However, the revoked user can still log in to the administrative
console using the credential that is cached in the authentication
cache until the cache is refreshed.
- Smaller authentication cache timeout values can affect performance.
When this value is smaller, the application server accesses the user
registry or repository more frequently.
- A larger number of entries in the authentication cache, caused by
an increased number of users, increases the memory usage of the
authentication cache. As a result, the application server might slow
down, which affects performance.
You can limit the size of the authentication cache by setting
the com.ibm.websphere.security.util.authCacheMaxSize custom property.
Use this custom property and tune the authentication cache timeout
value to balance your security risk and performance needs. For more
information on the com.ibm.websphere.security.util.authCacheMaxSize
custom property, see the documentation about the security cache properties.
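The trade-off described above can be measured with a small model. This is an added example, not WebSphere code: the class `AuthCache`, the function `simulate`, the user `alice`, the 30-second login interval and the oldest-first eviction policy are all assumptions made for illustration.

```python
from collections import OrderedDict

class AuthCache:
    """Toy model of a timeout-based credential cache; not WebSphere code."""

    def __init__(self, timeout_s, max_size, registry):
        self.timeout_s = timeout_s    # models the authentication cache timeout
        self.max_size = max_size      # models a cap such as authCacheMaxSize
        self.registry = registry      # set of users the registry still accepts
        self.entries = OrderedDict()  # user -> time the credential was cached
        self.registry_lookups = 0

    def login(self, user, now):
        cached_at = self.entries.get(user)
        if cached_at is not None and now - cached_at < self.timeout_s:
            return True               # cache hit: the registry is not consulted
        self.entries.pop(user, None)  # expired or absent
        self.registry_lookups += 1
        if user not in self.registry:
            return False              # revocation only takes effect here
        self.entries[user] = now
        while len(self.entries) > self.max_size:
            self.entries.popitem(last=False)  # assumed policy: evict oldest
        return True

def simulate(timeout_s, revoke_at=900, duration=1800, step=30):
    """One user logs in every `step` seconds and is revoked at `revoke_at`.
    Returns (logins accepted after revocation, registry lookups made)."""
    registry = {"alice"}              # constructed sample user
    cache = AuthCache(timeout_s, max_size=100, registry=registry)
    stale_accepts = 0
    for now in range(0, duration, step):
        if now >= revoke_at:
            registry.discard("alice")
        if not cache.login("alice", now):
            break                     # first denial ends the exposure window
        if now >= revoke_at:
            stale_accepts += 1
    return stale_accepts, cache.registry_lookups

if __name__ == "__main__":
    for minutes in (1, 10, 25):
        stale, lookups = simulate(minutes * 60)
        print(f"timeout={minutes:>2} min  stale logins={stale:>2}  registry lookups={lookups}")
```

In this model a 1-minute timeout denies the revoked user immediately but makes 16 registry lookups, while a 25-minute timeout makes 2 lookups and accepts 20 logins after revocation.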
The value that you specify for this field must be less than the value specified for the Timeout value for forwarded credentials between servers field.
The default value is 10 minutes.