KEYCLOAK-3824 Note about public-key-cache-ttl adapter option
parent 1ab7f8ed5a
commit 2eba8201b4
1 changed files with 9 additions and 1 deletions
|
@ -33,7 +33,8 @@ This is what one might look like:
|
||||||
"client-keystore-password" : "geheim",
|
"client-keystore-password" : "geheim",
|
||||||
"client-key-password" : "geheim",
|
"client-key-password" : "geheim",
|
||||||
"token-minimum-time-to-live" : 10,
|
"token-minimum-time-to-live" : 10,
|
||||||
"min-time-between-jwks-requests" : 10
|
"min-time-between-jwks-requests" : 10,
|
||||||
|
"public-key-cache-ttl": 86400
|
||||||
}
|
}
|
||||||
----
|
----
|
||||||
|
|
||||||
|
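Review bot: the added `"public-key-cache-ttl": 86400` entry has no space before the colon, while every other key in this example uses the `"key" : value` form (for instance `"min-time-between-jwks-requests" : 10,`). Suggest matching the surrounding style. Since 86400 is also the value the new reference text gives as the default, it would help to say near the example that the listing shows the option for illustration and that omitting it gives the same behaviour.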
@ -207,3 +208,10 @@ min-time-between-jwks-requests::
|
||||||
Adapter will always try to download new public key when it recognize token with unknown `kid` . However it won't try it more
|
Adapter will always try to download new public key when it recognize token with unknown `kid` . However it won't try it more
|
||||||
than once per 10 seconds (by default). This is to avoid DoS when attacker sends lots of tokens with bad `kid` forcing adapter
|
than once per 10 seconds (by default). This is to avoid DoS when attacker sends lots of tokens with bad `kid` forcing adapter
|
||||||
to send lots of requests to {{book.project.name}}.
|
to send lots of requests to {{book.project.name}}.
|
||||||
|
|
||||||
|
public-key-cache-ttl::
|
||||||
|
Amount of time, in seconds, specifying maximum interval between two requests to {{book.project.name}} to retrieve new public keys.
|
||||||
|
It is 86400 seconds (1 day) by default.
|
||||||
|
Adapter will always try to download new public key when it recognize token with unknown `kid` . If it recognize token with known `kid`, it will
|
||||||
|
just use the public key downloaded previously. However at least once per this configured interval (1 day by default) will be new
|
||||||
|
public key always downloaded even if the `kid` of token is already known.
|
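Review bot: the new `public-key-cache-ttl::` text does not state the consequence of the caching it describes. It says a token with a known `kid` is verified with "the public key downloaded previously" and that a refresh happens only once per interval, so as worded a key that has been replaced or removed on the server under the same `kid` keeps being used by the adapter for up to 1 day by default. Suggest adding a sentence that spells this out and says that deployments needing faster key rotation should lower the value. It would also help to state how this option relates to `min-time-between-jwks-requests` just above, since the two descriptions share the same opening sentence about unknown `kid`. Wording: "when it recognize token" should read "when it recognizes a token", and "will be new public key always downloaded" is clearer as "a new public key is always downloaded".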