The user authorization cache reduces the number of user directory requests to determine SiteMinder policy membership by storing the relationship between users and policies.
Note: The user authorization cache does not store data about the user, store user attribute values, or cache user entries.
For example, three policies are configured to apply to an "Administrator" group, to which user A belongs. The firsttime the Policy Server evaluates SiteMinder policy membership, it must resolve the group membership and make three requests (one for each policy) to the user directory to determine that each SiteMinder policy applies.
The Policy Server writes these results to the user authorization cache. Subsequent policy evaluation does not require the Policy Server to make user directory requests. Rather, the Policy Server uses the cached authorization information to determine policy membership.
Note: The Policy Server polls for policy updates periodically. The default interval is 60 seconds. If the policy membership changes, the Policy Server reloads the policy and removes the cache entries that are related to the updated policy.
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |