How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure how long the SAML AuthnRequest remains in cache in AM (All versions)?

Last updated Jan 16, 2023

The purpose of this article is to provide information on configuring how long the SAML AuthnRequest (request ID) remains in the cache in AM. By default, the cache is cleared every 10 minutes. Cached details include the AuthnRequest and the artifact ID.


Overview

The cache is cleared every 10 minutes by default, but you may want to consider increasing this interval if you keep seeing the following error in the Federation debug log:

ERROR: IDPSSOFederate.doSSOFederate: Unable to get AuthnRequest from cache, sending error response

This error means that the SAML AuthnRequest is missing from the local cache; this can be caused by timeout or by a misrouted request in a multi-instance environment where stickiness is not available. If it is a timeout issue, increasing the cache cleanup interval would prevent these errors.

Configuring how long the SAML AuthnRequest remains in the cache

You can configure how long the SAML AuthnRequest remains in the cache using either the AM admin UI or ssoadm:

  • AM admin UI: navigate to: Configure > Global Services > SAMLv2 Service Configuration > Cache cleanup interval and enter the number of seconds that you want the AuthnRequest to remain in the cache. Once this time elapses, the cache is cleared.
  • ssoadm: enter the following command, replacing [adminID], [passwordfile] and [seconds] with appropriate values:

    $ ./ssoadm set-attr-defs -s sunFAMSAML2Configuration -t global -u [adminID] -f [passwordfile] -a CacheCleanupInterval=[seconds]

Note

You must restart the web application container in which AM runs to apply these configuration changes.

Caution

You cannot disable this cache; setting the Cache cleanup interval to 0 will cause a divide by zero exception during initialization of the SPCache: java.lang.ArithmeticException: / by zero.
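
The following wrapper is an added example, not ForgeRock code: it validates the interval before building the ssoadm command shown above, so that a value of 0 is rejected before it can reach the configuration and break SPCache initialization on the next restart. The function names, the SSOADM path variable and the DRY_RUN switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not ForgeRock code): guard for the ssoadm call shown above.
# Assumptions: SSOADM, DRY_RUN and the function names are hypothetical.

SSOADM="${SSOADM:-./ssoadm}"
DEFAULT_INTERVAL=600   # 10 minutes, the default stated in the article

# Print the normalised interval on stdout; return non-zero if it is unusable.
normalize_interval() {
    v="$1"
    case "$v" in
        ''|*[!0-9]*) echo "interval must be a whole number of seconds" >&2; return 1 ;;
    esac
    v="${v#"${v%%[!0]*}"}"          # strip leading zeros ("0600" -> "600")
    if [ -z "$v" ]; then            # empty now means the value was 0
        echo "interval 0 is rejected: SPCache fails with '/ by zero' at startup" >&2
        return 1
    fi
    if [ "${#v}" -gt 9 ]; then
        echo "interval is unreasonably large" >&2; return 1
    fi
    if [ "$v" -lt "$DEFAULT_INTERVAL" ]; then
        echo "warning: $v s is shorter than the ${DEFAULT_INTERVAL} s default" >&2
    fi
    printf '%s\n' "$v"
}

# Usage: set_cache_cleanup_interval ADMIN_ID PASSWORD_FILE SECONDS
set_cache_cleanup_interval() {
    admin="$1"; pwfile="$2"
    secs="$(normalize_interval "$3")" || return 1
    [ -n "$admin" ] || { echo "admin ID is required" >&2; return 1; }
    [ -r "$pwfile" ] || { echo "password file not readable: $pwfile" >&2; return 1; }
    set -- "$SSOADM" set-attr-defs -s sunFAMSAML2Configuration -t global \
        -u "$admin" -f "$pwfile" -a "CacheCleanupInterval=$secs"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"          # show the command instead of running it
    else
        "$@" && echo "Restart the AM web application container to apply." >&2
    fi
}
```

Run it with DRY_RUN=1 first to review the exact command before it changes the global SAMLv2 service configuration.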

See Also

SAML 2.0 federation in AM

SAML v2.0


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.