Rule ID
SV-279270r1170571_rule
Version
V1R2
CCIs
Some authentication implementations can be configured to use cached authenticators. If cached authentication information is out-of-date, the validity of the authentication information may be questionable. The organization-defined time period should be established for each device depending on the nature of the device; for example, a device with just a few administrators in a facility with spotty network connectivity may merit a longer caching time period than a device with many administrators.
1. Log in to the Edge SWG SSH CLI. 2. Enter "show realms". If under LDAP Realm the "Authorization refresh", "Credentials refresh", and "Surrogates refresh" are not set to 10 seconds, or what the site requires, this is a finding.
1. In the Edge SWG Web UI, navigate to the Configuration tab. 2. Select the "Authentication" and "Realms and Domains" areas. 3. Select the previously configured LDAP domain. 4. Click "Show" for "Advanced Settings". 5. Check "Use the same refresh time for all". 6. Under "Credential refresh time", add 10 seconds, or whatever the site requires.