Previous Topic: SiteMinder Policy Membership and Authorization Performance

Next Topic: User Authorization Cache Efficiency

User Authorization Cache

The user authorization cache reduces the number of user directory requests to determine SiteMinder policy membership by storing the relationship between users and policies.

Note: The user authorization cache does not store data about the user, store user attribute values, or cache user entries.

For example, three policies are configured to apply to an "Administrator" group, to which user A belongs. The first–time the Policy Server evaluates SiteMinder policy membership, it must resolve the group membership and make three requests (one for each policy) to the user directory to determine that each SiteMinder policy applies.

The Policy Server writes these results to the user authorization cache. Subsequent policy evaluation does not require the Policy Server to make user directory requests. Rather, the Policy Server uses the cached authorization information to determine policy membership.

Note: The Policy Server polls for policy updates periodically. The default interval is 60 seconds. If the policy membership changes, the Policy Server reloads the policy and removes the cache entries that are related to the updated policy.

More information:

SiteMinder Policy Membership and Authorization Performance


Copyright © 2010 CA. All rights reserved. Email CA about this topic