[authentication_cache]
This section contains the settings that determine how soon after performing a 2FA/MFA authentication the user must repeat the authentication when opening a new session.
After the first Starling 2FA authentication of the user, SPS will not request a new Starling 2FA authentication from the user as long as the new authentications happen within soft_timeout seconds from each other. After the hard_timeout expires (measured from the first Starling 2FA login of the user), SPS will request a new Starling 2FA authentication.
In other words, after opening the first session and authenticating on Starling 2FA, the user can keep opening other sessions without having to authenticate again on Starling 2FA as long as the time between opening any two sessions is less than soft_timeout, but must authenticate on Starling 2FA if hard_timeout expires.
Declaration
[authentication_cache]
soft_timeout=15
hard_timeout=90
conn_limit=5
soft_timeout
| Type: |
integer [in seconds] |
| Required: |
yes, if you want caching |
| Default: |
N/A |
Description: The time in seconds after which the SPS plugin requires a new Starling 2FA authentication for the next new session of the user, unless the user successfully authenticates another session within this period.
hard_timeout
| Type: |
integer [in seconds] |
| Required: |
yes, if you want caching |
| Default: |
N/A |
Description: The time in seconds after which the SPS plugin requires a new Starling 2FA authentication for the next new session of the user. The time is measured from the last Starling 2FA authentication of the user.
conn_limit
| Type: |
integer [number of] |
Description: The cache can be used conn_limit times without multi-factor authentication. If the number of logins exceeds this number, the plugin will request multi-factor authentication again. If this parameter is not set, the number of logins from cache are unlimited.
