The cache is cleared every 10 minutes by default, but you may want to consider increasing this interval if you keep seeing the following error in the Federation debug log:
ERROR: IDPSSOFederate.doSSOFederate: Unable to get AuthnRequest from cache, sending error response
This error means that the SAML AuthnRequest is missing from the local cache; this can be caused by a timeout or by a misrouted request in a multi-instance environment where stickiness is not available. If it is a timeout issue, increasing the cache cleanup interval would prevent these errors.
You can configure how long the SAML AuthnRequest remains in the cache using either the console or ssoadm:
- Console: navigate to Configure > Global Services > SAMLv2 Service Configuration > Cache cleanup interval and enter the number of seconds that you want the AuthnRequest to remain in the cache. Once this time elapses, the cache is cleared.
- ssoadm: enter the following command:
  $ ./ssoadm set-attr-defs -s sunFAMSAML2Configuration -t global -u [adminID] -f [passwordfile] -a CacheCleanupInterval=[seconds]
  replacing [adminID], [passwordfile] and [seconds] with appropriate values.
You must restart the web application container in which AM runs to apply these configuration changes.
You cannot disable this cache; setting the Cache cleanup interval to 0 will cause a divide by zero exception during initialization of the SPCache: "java.lang.ArithmeticException: / by zero".
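The following is an added example, not part of the product documentation: a pre-change check that counts the error above in a debug log and refuses to build the ssoadm command when the interval is 0 or not a positive integer. The helper names, sample log lines, and placeholder admin ID and password file path are assumptions made for illustration.

```shell
#!/bin/sh
# Error text quoted in the article (matched as a fixed string).
AUTHN_CACHE_ERR='IDPSSOFederate.doSSOFederate: Unable to get AuthnRequest from cache'

# Succeed only for a positive whole number of seconds. 0 is rejected because
# the article notes it causes "/ by zero" when the SPCache initializes.
validate_interval() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;  # empty, signed, or non-numeric
    esac
    [ "$1" -gt 0 ]
}

# Count cache-miss errors in a Federation debug log file (prints 0 if none).
count_authn_cache_errors() {
    grep -c -F -- "$AUTHN_CACHE_ERR" "$1" || true
}

# Print (never execute) the article's ssoadm command with values filled in.
build_ssoadm_cmd() {
    if ! validate_interval "$3"; then
        echo "refusing CacheCleanupInterval='$3': need a positive integer" >&2
        return 1
    fi
    printf './ssoadm set-attr-defs -s sunFAMSAML2Configuration -t global -u %s -f %s -a CacheCleanupInterval=%s\n' \
        "$1" "$2" "$3"
}

demo() {
    log=$(mktemp)
    # Constructed sample lines; real debug log lines carry more fields.
    cat > "$log" <<'EOF'
10:00:01 ERROR: IDPSSOFederate.doSSOFederate: Unable to get AuthnRequest from cache, sending error response
10:00:02 unrelated constructed message
10:14:40 ERROR: IDPSSOFederate.doSSOFederate: Unable to get AuthnRequest from cache, sending error response
EOF
    echo "cache-miss errors: $(count_authn_cache_errors "$log")"
    rm -f "$log"
    # Admin ID and password file path below are placeholders.
    build_ssoadm_cmd adminID /path/to/passwordfile 1200
    build_ssoadm_cmd adminID /path/to/passwordfile 0 || echo "0 rejected"
}
demo
```

The printed command still has to be run by an administrator, and the container restart described above is still required afterwards.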