35 lines
No EOL
1.7 KiB
Text
35 lines
No EOL
1.7 KiB
Text
|
|
=== Eviction and Expiration
|
|
|
|
There are multiple different caches configured for {project_name}.
|
|
There is a realm cache that holds information about secured applications, general security data, and configuration options.
|
|
There is also a user cache that contains user metadata. Both caches default to a maximum of 10000 entries and use a least recently used eviction strategy.
|
|
Each of them is also tied to an object revisions cache that controls eviction in a clustered setup.
|
|
This cache is created implicitly and has twice the configured size. There are some more caches for save the authorization data, keys etc.
|
|
There are also separate caches for user sessions, offline tokens, login failures and other things. These caches are unbounded in size by default.
|
|
|
|
The eviction policy and max entries for these caches can be configured in the _standalone.xml_, _standalone-ha.xml_, or
|
|
_domain.xml_ depending on your <<_operating-mode, operating mode>>. In the configuration file, there is the part with infinispan
|
|
subsystem, which looks similar to this:
|
|
|
|
[source,xml,subs="attributes+"]
|
|
----
|
|
<subsystem xmlns="{subsystem_infinispan_xml_urn}">
|
|
<cache-container name="keycloak">
|
|
<local-cache name="realms">
|
|
<object-memory size="10000"/>
|
|
</local-cache>
|
|
<local-cache name="users">
|
|
<object-memory size="10000"/>
|
|
</local-cache>
|
|
...
|
|
<local-cache name="keys">
|
|
<object-memory size="1000"/>
|
|
<expiration max-idle="3600000"/>
|
|
</local-cache>
|
|
...
|
|
</cache-container>
|
|
----
|
|
|
|
To limit or expand the number of allowed entries simply add or edit the `object` element or the `expiration` element of particular cache
|
|
configuration. |