How long is the locally cached token valid?

  • Question

  • Dear Forum,

    we are currently planning to show Microsoft RMS to potential clients with a live demo and so on. In our preparations we noticed that users are able to be authenticated even though there is no connection to the cloud service. We also figured out that some kind of cache (more specifically: parts of the certificates) is stored in C:\Users\<username>\AppData\Local\Microsoft\MSIPC, but it's quite unclear how the cache is used and for how long the locally cached token is valid for a specific RMS protected file. In order to be prepared for such questions after the demo, I kindly ask you for help on this matter.

    Thanks and Regards

    Fabio


    • Edited by Fabio10 Thursday, October 2, 2014 9:10 AM
    Thursday, October 2, 2014 8:55 AM

Answers

  • In the meantime there is a corresponding option in Azure to configure the number of the days the content is available without an internet connection. There is also an option to make the content available only online or always with cache :)

    Regards

    Fabio

    • Marked as answer by Fabio10 Monday, December 22, 2014 9:24 AM
    Monday, December 22, 2014 9:23 AM

All replies

  • Hi Fabio,

    When a user first authenticates against the certification URL of an RMS server, the user is then issued a RAC (rights account certificate) or GIC certificate (those that you see in the MSIPC folder). The RAC/GIC is issued after the user authenticates to the domain and is used in further communication between user->RMS server to confirm the user's identity. For ADRMS (RMS on premises) the default RAC lifetime is 365 days (it can be manually changed). I would assume that the same amount of time is set for Azure RMS.

    You can have a better view on certificates with this great post of Dan Plastina 

    http://blogs.technet.com/b/rms/archive/2012/04/16/licenses-and-certificates-and-how-ad-rms-protects-and-consumes-documents.aspx



    Wednesday, November 12, 2014 10:08 PM
  • "For ADRMS (RMS on premises) the default RAC lifetime is 365 days (it can be manually changed). I would assume that the same amount of time is set for Azure RMS."

    For Azure RMS, unless set by a template, the use license never used to expire, but it has recently been changed to 30 days. You can change this default with the latest Azure RMS PowerShell module.

    For more information, see this blog post just published from the RMS team: Changes to the Azure RMS use license validity period and new version of the Azure RMS Administration Tool

    Thursday, April 16, 2015 5:34 PM