1.22 DefaultCacheTimeout must be configured properly for active security domains - 'DefaultCacheTimeout <= 1800'

Information

Security domains in use must set DefaultCacheTimeout to a value less than or equal to 1800 seconds.
To disable caching of security credentials, set it to 0, which forces authentication to occur every time. This setting has no effect if the AuthenticationCacheJndiName has been changed from the default value.

Solution

Open the JaasSecurityManagerService MBean configuration file located at JBOSS_HOME/server/@[email protected]/conf/jboss-service.xml
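
The following is an added example, not part of the original audit item or of Tenable's plugin: a Python check that reads the DefaultCacheTimeout attribute from jboss-service.xml content and compares it with the 1800-second limit. The XML fragments are constructed samples, and matching the MBean by a `code` value ending in `JaasSecurityManagerService`, treating a missing attribute as a failure, and the `REVIEW` status are assumptions of this example.

```python
import xml.etree.ElementTree as ET

MAX_TIMEOUT = 1800  # seconds, the limit stated in this check

# Constructed sample fragments of jboss-service.xml (not from a real server).
WEAK = """<server>
  <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
         name="jboss.security:service=JaasSecurityManager">
    <attribute name="DefaultCacheTimeout">7200</attribute>
  </mbean>
</server>"""
FIXED = WEAK.replace("7200", "1800")


def check_cache_timeout(xml_text):
    """Return (status, detail) for the 'DefaultCacheTimeout <= 1800' check."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return "ERROR", f"unparseable XML: {exc}"
    for mbean in root.iter("mbean"):
        # Assumption: the service is identified by its class name in 'code'.
        if not mbean.get("code", "").endswith("JaasSecurityManagerService"):
            continue
        attrs = {a.get("name"): (a.text or "").strip()
                 for a in mbean.findall("attribute")}
        raw = attrs.get("DefaultCacheTimeout")
        if raw is None:
            # Assumption: an unset value is reported rather than trusted.
            return "FAIL", "DefaultCacheTimeout is not set explicitly"
        try:
            value = int(raw)
        except ValueError:
            return "FAIL", f"DefaultCacheTimeout is not an integer: {raw!r}"
        if not 0 <= value <= MAX_TIMEOUT:
            return "FAIL", f"DefaultCacheTimeout={value} is outside 0..{MAX_TIMEOUT}"
        if "AuthenticationCacheJndiName" in attrs:
            # The timeout has no effect if this was changed from the default.
            return "REVIEW", "timeout in range, but AuthenticationCacheJndiName is set"
        return "PASS", f"DefaultCacheTimeout={value}"
    return "FAIL", "JaasSecurityManagerService mbean not found"


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("fixed", FIXED)):
        print(label, *check_cache_timeout(doc))
```

A `REVIEW` result means the timeout value is in range but an AuthenticationCacheJndiName attribute is present, so its value has to be compared with the default by hand.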

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-23, CAT|II

Plugin: Unix

Control ID: 323dbfe653fe9d723ee149efb72c9a4b792478f5fcdfe3e42701e9176ee5966a