libre.sh/keycloak-scim
2
0
Fork 0
Code Issues 14 Pull requests Releases Packages Activity Actions

KEYCLOAK-3825 Update about cache docs

Browse source
This commit is contained in:
mposolda 2016-11-25 22:18:52 +01:00
parent d090062411
commit 78efd18cca
3 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
topics/clients/oidc/confidential.adoc
View file

@ -45,4 +45,7 @@ client changes it's keys, {{book.project.name}} will automatically download them
If you use client secured by {{book.project.name}} adapter, you can configure the JWKS URL like https://myhost.com/myapp/k_jwks assuming that https://myhost.com/myapp is the
root URL of your client application. See {{book.developerguide.link}}[{{book.developerguide.name}}] for additional details.
WARNING: For the performance purposes, {{book.project.name}} caches the public keys of the OIDC clients. If you think that private key of your client
was compromised, it is obviously good to update your keys, but it's also good to clear the keys cache. See <<fake/../../realms/cache.adoc#_clear-cache, Clearing the cache>>
section for more details.

3
topics/identity-broker/oidc.adoc
View file

@ -53,6 +53,9 @@ You must define the OpenID Connection configuration options as well. They basic
|Validate Signatures
|Another optional switch. This is to specify if {{book.project.name}} will verify the signatures on the external ID Token signed by this Identity provider. If this is on,
the {{book.project.name}} will need to know the public key of the external OIDC identity provider. See below for how to setup it.
WARNING: For the performance purposes, {{book.project.name}} caches the public key of the external OIDC identity provider. If you think that private key of your Identity provider
was compromised, it is obviously good to update your keys, but it's also good to clear the keys cache. See
<<fake/../../realms/cache.adoc#_clear-cache, Clearing the cache>> section for more details.
|Use JWKS URL
|Applicable just `Validate Signatures` is on. If the switch is on, then identity provider public keys will be downloaded from given JWKS URL.

5
topics/realms/cache.adoc
View file

@ -1,9 +1,10 @@
[[_clear-cache]]
=== Clearing Server Caches
{{book.project.name}} will cache everything it can in memory within the limits of your JVM and/or the limits you've configured
it for. If the {{book.project.name}} database is modified by a third party (i.e. a DBA) outside the scope of the server's REST APIs or Admin Console
there's a chance parts of the in-memory cache may be stale. You can clear the realm and user caches from the Admin Console by going
there's a chance parts of the in-memory cache may be stale. You can clear the realm cache, user cache or cache of external public keys (Public keys of
external clients or Identity providers, which {{book.project.name}} usually uses for verify signatures of particular external entity) from the Admin Console by going
to the `Realm Settings` left menu item and the `Cache` tab.
.Keys tab