Java Agents 2024.11

Public Key Cache Non-Refresh Interval in seconds

This property is only relevant when the property Enable internal checking of JWT signature is set to true.

The agent caches AM public keys used for JWT signing. When the agent receives a JWT using a key not in its cache, it will invoke AM to retrieve the current list of valid keys.

This property prevents the agent from invoking AM "too often" after it has already done so.

This property helps to mitigate DoS attacks whereby a hacker floods a site with requests using JWTs containing deliberately invalid key ids.

Ordinarily this would cause the agent to flood AM with requests, but with this property set to a non zero value, there is a window in which AM is not invoked,

excess network traffic is not generated and all JWTs containing unknown keys are rejected.

Property name

org.forgerock.agents.public.key.non.refresh.interval.seconds

Aliases

org.forgerock.agents.public.key.non.refresh.interval.seconds
  Introduced in Java Agent 2024.11

Function

Authentication service

Type

Integer

Default

120

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties

Copyright © 2010-2024 ForgeRock, all rights reserved.