Configure the JSON Web Key Set (JWKS) endpoint cache to manage the key set caching behavior for the Policy Editor in OIDC mode.
To improve performance, the Policy Editor is configured to cache the JWKS endpoint response indefinitely (when key set caching is enabled). Whenever the Policy Editor encounters a key ID not present in the cache, it makes a request to the JWKS endpoint, regardless of the caching configuration.
This configuration option affects only server-side behavior. You can choose from the following configuration values:
Value | Behavior |
---|---|
Any negative integer | Caches the key set indefinitely (default configuration) |
0 | Disables key set caching |
Positive integer | Sets the key set cache expiry time in seconds |
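The following Python model is an added example, not the Policy Editor's own code, showing how the three settings and the unknown-key-ID rule described above interact. The class name `JwksCache`, its parameters, and the sample key set are assumptions made for illustration.

```python
import time


class JwksCache:
    """Illustrative model: <0 caches indefinitely, 0 disables caching, >0 is a TTL in seconds."""

    def __init__(self, fetch_jwks, expiry_seconds=-1, clock=time.monotonic):
        self._fetch = fetch_jwks        # callable returning {"keys": [...]}
        self._expiry = expiry_seconds
        self._clock = clock
        self._keys = {}                 # kid -> JWK
        self._loaded_at = None
        self.fetch_count = 0            # number of requests made to the JWKS endpoint

    def _refresh(self):
        self.fetch_count += 1
        self._keys = {k["kid"]: k for k in self._fetch()["keys"]}
        self._loaded_at = self._clock()

    def _is_fresh(self):
        if self._loaded_at is None or self._expiry == 0:
            return False                # nothing cached yet, or caching disabled
        if self._expiry < 0:
            return True                 # indefinite caching
        return self._clock() - self._loaded_at < self._expiry

    def get_key(self, kid):
        # A key ID missing from the cache always triggers a request,
        # regardless of the caching configuration.
        if not self._is_fresh() or kid not in self._keys:
            self._refresh()
        return self._keys.get(kid)      # None if the endpoint does not publish this kid


def demo():
    """Run the same lookups under each setting and return the endpoint request counts."""
    jwks = {"keys": [{"kid": "key-1", "kty": "RSA"}]}   # constructed sample key set
    counts = {}
    for setting in (-1, 0, 300):
        now = [0.0]                                      # fake clock for repeatability
        cache = JwksCache(lambda: jwks, setting, clock=lambda: now[0])
        cache.get_key("key-1")
        now[0] += 600                                    # ten minutes later
        cache.get_key("key-1")
        counts[setting] = cache.fetch_count
    return counts


if __name__ == "__main__":
    print(demo())
```

Note that a token carrying a key ID the endpoint never publishes causes one endpoint request per lookup in this model, whatever the expiry setting.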
In general, using the options.yml file to modify the behavior and output of setup requires restarting the Policy Editor. If you have already run setup once, provide the --ignoreWarnings option to overwrite any existing configuration files.
Doing so, however, overwrites the admin keystore and decision point shared secrets. Additionally, providing --generateSelfSignedCertificate overwrites the server keystore. Be sure to back up the admin and server keystores and your original configuration.yml file if you intend to reuse them.