Wednesday, April 24, 2013

OpenAM Policy Agent Cache

If one tail the Policy Agent debug log (remember to set logging level to MESSAGE first), one will observe the following and it happens around every 3 minutes.


+++++++++++++

2013-04-23 13:30:24.283    Info 7401:7f2738011780 Polling: Starting sso cache cleaner. Hash table size=0.
2013-04-23 13:30:24.283    Info 7401:7f2738011780 Polling: Finished sso cache cleaner. Hash table size=0.
2013-04-23 13:30:24.283    Info 7401:7f273802d880 Polling: Starting policy cache cleanup. Hash table size=0.
2013-04-23 13:30:24.283    Info 7401:7f273802d880 Polling: Finished policy cache cleanup. Hash table size=0.

++++++++++++

2013-04-23 13:33:24.283    Info 7401:7f2738011780 Polling: Starting sso cache cleaner. Hash table size=0.
2013-04-23 13:33:24.284    Info 7401:7f2738011780 Polling: Finished sso cache cleaner. Hash table size=0.
2013-04-23 13:33:24.284    Info 7401:7f273802d880 Polling: Starting policy cache cleanup. Hash table size=0.
2013-04-23 13:33:24.284    Info 7401:7f273802d880 Polling: Finished policy cache cleanup. Hash table size=0.

+++++++++++

How can we change this value? 

The objective: In a stable environment, there is seldom change in SSO and Policy configuration. So a 3 minutes cache cleanup might be considered "aggressive" and/or "unnecessary" for some customers.


Go to Access Control > / (Top Level Realm) > Agents > [Agent-Name] > OpenAM Services > Policy Client Service




Change the default 3 minutes interval accordingly. 


PS: Since these are "Hot-swap : No" variables, do remember to restart the web container that has Policy Agent installed.




Now, one thing to note is if you enable notification, the cache will be flushed as and when an update comes from OpenAM servers. This might happen even when the polling interval has not reached.




In this mode, cache entry expiration still applies through use of the polling mechanism. In addition, the web agent gets notified by the OpenSSO Enterprise service about session changes through use of a notification mechanism. Session changes include events such as session logout or a session timeout. When notified of a session or a policy change, the web agent updates the corresponding entry in the cache. Apart from session updates, web agents can also receive policy change updates. Policy changes include events such as updating, deleting, and creating policies.




While writing this, I realized I have posted an article on this topic before. Still applicable today.


.

No comments:

Post a Comment