The different layers of caches in OpenAM 3.0.4 agents may look confusing if you’re not careful. Moreover, web agents, J2EE agents or SDK clients accept different configuration parameters with regards to caches and notifications. That’s why I decided to write this page in order to try to clarify that. So let’s go:

OpenAM 3.04 Web (Apache, IIS, ….) agent caches parameters

com.sun.identity.agents.config.policy.cache.polling.interval
# POLICY CACHE POLLING INTERVAL
#   This property determines the amount of time (in minutes) an entry
#   remains valid after it has been added to the cache. The default
#   value for this property is 3 minutes.
#
# Hot-Swap Enabled: No

com.sun.identity.agents.config.sso.cache.polling.interval
# SSO TOKEN CACHE POLLING INTERVAL
#   This property determines the amount of time (in minutes) an sso entry
#   remains valid after it has been added to the cache. The default
#   value for this property is 3 minutes.
#
# Hot-Swap Enabled: No

com.sun.identity.agents.config.polling.interval
# AGENT CONFIGURATION POLLING INTERVAL
#   Agent fetches new configuration either from server or local file(i.e. this file)
#   based on agent repository type value: centralized/local.
#   If agent is configured with AM 7.x, then agent uses local file(i.e. this file)
#   The value is in minutes.
#
# Hot-Swap Enabled: No

com.sun.identity.agents.config.notification.enable
#
# NOTIFICATION PROPERTIES
#   - notification.enable: Should the policy SDK use the OpenSSO server notification
#       mechanism to maintain the consistency of its internal cache?  If the value
#       is false, then a polling mechanism is used to maintain cache consistency.
#       Possible values are true or false.
# Hot-Swap Enabled: No

 

OpenAM 3.0.4 J2EE (Tomcat, Weblogic, ….) agent caches parameters

com.sun.identity.idm.remote.notification.enabled
# Set enabled to true to enable notifications for the IdRepo cache.

com.iplanet.am.sdk.remote.pollingTime
# Set pollingTime to the poll frequency in minutes for the IdRepo cache, if notification are enabled.

com.sun.identity.agents.config.load.interval
# This property specifies the interval in seconds between configuration reloads. When this
 property is set to 0, the hot-swap mechanism is disabled.

com.sun.identity.agents.notification.enabled
# When set to true, enable notifications of security policy changes. If false, polling is enabled

com.sun.identity.agents.polling.interval
# Security policies cache polling time in minutes 

com.iplanet.am.session.client.polling.enable
# Enable or disable agent polling for session cache. If disabled, sessions changes are notified by OpenAM.

com.iplanet.am.session.client.polling.period
# Session cache refresh interval in seconds, when session cache polling is enabled

com.sun.identity.sm.notification.enabled
# Set to true to enable configuration data change notifications. If false, polling is enabled.

com.sun.identity.sm.cacheTime
# Set notification.enabled to false and set cacheTime to the poll frequency in minutes to enable polling for the configuration cache.

Also, if you didn’t find what you were looking for, I’d suggest you to read this page, from the Forgerock’s wiki. Happy authentications !

Les derniers articles par janua (tout voir)