Merge pull request #55 from mposolda/master

KEYCLOAK-3825 Update about cache docs
This commit is contained in:
Marek Posolda 2016-11-25 22:20:25 +01:00 committed by GitHub
commit f9a63dde80
3 changed files with 9 additions and 2 deletions

View file

@ -45,4 +45,7 @@ client changes it's keys, {{book.project.name}} will automatically download them
If you use client secured by {{book.project.name}} adapter, you can configure the JWKS URL like https://myhost.com/myapp/k_jwks assuming that https://myhost.com/myapp is the
root URL of your client application. See {{book.developerguide.link}}[{{book.developerguide.name}}] for additional details.
WARNING: For the performance purposes, {{book.project.name}} caches the public keys of the OIDC clients. If you think that private key of your client
was compromised, it is obviously good to update your keys, but it's also good to clear the keys cache. See <<fake/../../realms/cache.adoc#_clear-cache, Clearing the cache>>
section for more details.

View file

@ -53,6 +53,9 @@ You must define the OpenID Connection configuration options as well. They basic
|Validate Signatures
|Another optional switch. This is to specify if {{book.project.name}} will verify the signatures on the external ID Token signed by this Identity provider. If this is on,
the {{book.project.name}} will need to know the public key of the external OIDC identity provider. See below for how to setup it.
WARNING: For the performance purposes, {{book.project.name}} caches the public key of the external OIDC identity provider. If you think that private key of your Identity provider
was compromised, it is obviously good to update your keys, but it's also good to clear the keys cache. See
<<fake/../../realms/cache.adoc#_clear-cache, Clearing the cache>> section for more details.
|Use JWKS URL
|Applicable just `Validate Signatures` is on. If the switch is on, then identity provider public keys will be downloaded from given JWKS URL.

View file

@ -1,9 +1,10 @@
[[_clear-cache]]
=== Clearing Server Caches
{{book.project.name}} will cache everything it can in memory within the limits of your JVM and/or the limits you've configured
it for. If the {{book.project.name}} database is modified by a third party (i.e. a DBA) outside the scope of the server's REST APIs or Admin Console
there's a chance parts of the in-memory cache may be stale. You can clear the realm and user caches from the Admin Console by going
there's a chance parts of the in-memory cache may be stale. You can clear the realm cache, user cache or cache of external public keys (Public keys of
external clients or Identity providers, which {{book.project.name}} usually uses for verify signatures of particular external entity) from the Admin Console by going
to the `Realm Settings` left menu item and the `Cache` tab.
.Keys tab