cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
testuser_dfg
Level 7
Report Inappropriate Content
Message 1 of 3
‎09-20-2019 02:42 AM

Clear User Session / Force Reauthentication

Hello,

after User Authentication and with enabled "Authentication Cache" the Users AD Group Memberships are also cached.

Is there any way to force a manual renew of the user authentication respective the user group membership information?

Kind regards,
Stefan

0 Kudos
Reply
2 Replies
smasnizk
Employee
Employee
Report Inappropriate Content
Message 2 of 3
‎09-20-2019 05:21 AM

Re: Clear User Session / Force Reauthentication

Dear Stefan,

 

there is no update mechanism or command implemented, You will have to wait for TTL is reached and groups updated. Alternative keep your "Authentication Cache entry TTL" low. Unfortunately you can expect performance degradation due to obvious reasons.

 

-Sergej

Best Regards,
Sergej


If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
0 Kudos
Reply
swilkens1
Employee
Employee
Report Inappropriate Content
Message 3 of 3
‎09-20-2019 05:53 AM

Re: Clear User Session / Force Reauthentication

The MWG has Rule Engine Events to clear the cache. However, they affect all users (the global cache). They do not clear the cache entry associated for a single user/IP. (feature enhancement request needed)

For NTLM settings, there are two 'authentication caches': Authentication Cache and NTLM Cache.

  • The first setting, Authentication Cache (default 30 minutes), stores the groups for a client if they choose Basic authentication.
  • The second cache, NTLM Cache (default 10 seconds), applies to Integrated NTLM auth. This cache stores groups (and other parts of the NTLM handshake) for the TTL -- eliminating the need for MWG to validate credentials with direct communication to the Domain Controller.

These caches are not stored on disk, so they are cleared when:

  • The MWG is restarted
  • The setting is disabled and configuration Saved
  • The events Authentication.ClearCache (for Authentication Cache) or Authentication.ClearNTLMCache (for NTLM Cache) are triggered in the Rule Engine.

 

- Steven W.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC