keycloak-scim/topics/cache/eviction.adoc


=== Eviction and Expiration

There are multiple different caches configured for {{book.project.name}}.
There is a realm cache that holds information about secured applications, general security data, and configuration options.
This size of this cache is unbounded and does not have a limit on entries.  This might scare you a little bit, but the number of entries
in this cache is pretty low compared to the user cache.  There is also a user cache that contains user metadata.  It defaults to a maximum of 10000 entries and uses a least recently used eviction strategy.
There are also separate caches for user sessions, offline tokens, and login failures.  These caches are unbounded in size as well.

The eviction policy and max entries for these caches can be configured in the _standalone.xml_, _standalone-ha.xml_, or
_domain.xml_ depending on your <<fake/../../operating-mode.adoc#_operating-mode, operating mode>>.

.non-clustered
[source,xml]
----
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
    <cache-container name="keycloak" jndi-name="infinispan/Keycloak">
        <local-cache name="realms"/>
        <local-cache name="users">
           <eviction strategy="LRU" max-entries="10000"/>
        </local-cache>
        <local-cache name="sessions"/>
        <local-cache name="offlineSessions"/>
        <local-cache name="loginFailures"/>
        <local-cache name="work"/>
        <local-cache name="authorization">
           <eviction strategy="LRU" max-entries="100"/>
        </local-cache>
        <local-cache name="keys">
           <eviction strategy="LRU" max-entries="1000"/>
           <expiration max-idle="3600000"/>
        </local-cache>
    </cache-container>
----


.clustered
[source,xml]
----
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
    <cache-container name="keycloak" jndi-name="infinispan/Keycloak">
        <transport lock-timeout="60000"/>
        <local-cache name="realms"/>
        <local-cache name="users">
            <eviction max-entries="10000" strategy="LRU"/>
        </local-cache>
        <distributed-cache name="sessions" mode="SYNC" owners="1"/>
        <distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
        <distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
        <distributed-cache name="authorization" mode="SYNC" owners="1"/>
        <replicated-cache name="work" mode="SYNC"/>
        <local-cache name="keys">
            <eviction max-entries="1000" strategy="LRU"/>
            <expiration max-idle="3600000"/>
        </local-cache>
    </cache-container>
----

To limit or expand the number of allowed entries simply add, edit, or remove the `eviction` element or the `expiration` element of particular cache
configuration.
gitlab conversion script 2016-04-30 04:39:32 +00:00
cache 2016-04-28 23:31:06 +00:00			`=== Eviction and Expiration`

2nd draft 2016-04-29 20:12:12 +00:00			`There are multiple different caches configured for {{book.project.name}}.`
cache 2016-04-28 23:31:06 +00:00			`There is a realm cache that holds information about secured applications, general security data, and configuration options.`
2nd draft 2016-04-29 20:12:12 +00:00			`This size of this cache is unbounded and does not have a limit on entries. This might scare you a little bit, but the number of entries`
			`in this cache is pretty low compared to the user cache. There is also a user cache that contains user metadata. It defaults to a maximum of 10000 entries and uses a least recently used eviction strategy.`
			`There are also separate caches for user sessions, offline tokens, and login failures. These caches are unbounded in size as well.`
cache 2016-04-28 23:31:06 +00:00
			`The eviction policy and max entries for these caches can be configured in the _standalone.xml_, _standalone-ha.xml_, or`
			`_domain.xml_ depending on your <<fake/../../operating-mode.adoc#_operating-mode, operating mode>>.`

			`.non-clustered`
			`[source,xml]`
			`----`
			`<subsystem xmlns="urn:jboss:domain:infinispan:4.0">`
KEYCLOAK-3825 Update about cache docs 2016-11-25 21:02:12 +00:00			`<cache-container name="keycloak" jndi-name="infinispan/Keycloak">`
			`<local-cache name="realms"/>`
			`<local-cache name="users">`
			`<eviction strategy="LRU" max-entries="10000"/>`
			`</local-cache>`
			`<local-cache name="sessions"/>`
			`<local-cache name="offlineSessions"/>`
			`<local-cache name="loginFailures"/>`
			`<local-cache name="work"/>`
			`<local-cache name="authorization">`
			`<eviction strategy="LRU" max-entries="100"/>`
			`</local-cache>`
			`<local-cache name="keys">`
			`<eviction strategy="LRU" max-entries="1000"/>`
			`<expiration max-idle="3600000"/>`
			`</local-cache>`
			`</cache-container>`
cache 2016-04-28 23:31:06 +00:00			`----`


cache 2016-04-28 23:34:34 +00:00			`.clustered`
cache 2016-04-28 23:31:06 +00:00			`[source,xml]`
			`----`
			`<subsystem xmlns="urn:jboss:domain:infinispan:4.0">`
KEYCLOAK-3825 Update about cache docs 2016-11-25 21:02:12 +00:00			`<cache-container name="keycloak" jndi-name="infinispan/Keycloak">`
			`<transport lock-timeout="60000"/>`
			`<local-cache name="realms"/>`
			`<local-cache name="users">`
			`<eviction max-entries="10000" strategy="LRU"/>`
			`</local-cache>`
			`<distributed-cache name="sessions" mode="SYNC" owners="1"/>`
			`<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>`
			`<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>`
			`<distributed-cache name="authorization" mode="SYNC" owners="1"/>`
			`<replicated-cache name="work" mode="SYNC"/>`
			`<local-cache name="keys">`
			`<eviction max-entries="1000" strategy="LRU"/>`
			`<expiration max-idle="3600000"/>`
			`</local-cache>`
			`</cache-container>`
cache 2016-04-28 23:31:06 +00:00			`----`

KEYCLOAK-3825 Update about cache docs 2016-11-25 21:02:12 +00:00			To limit or expand the number of allowed entries simply add, edit, or remove the `eviction` element or the `expiration` element of particular cache
			`configuration.`