The Web Agent stores user session and resource information in cache memory. This technique improves the Web Agent efficiency because the Web Agent does not have to retrieve information from the Policy Server each time a user requests access.
By configuring the cache settings, you can manage how this information is stored. The number of entries in the cache determines the size of the cache. The total number of entries in each cache cannot exceed the maximum cache size specified.
Note: Restart the Web Server for changes in the Web Agent cache settings to take effect.
The following guidelines apply to cache management:
SiteMinder empties cached resource information when you modify a policy. You can also empty the user and resource caches manually from the Administrative UI.
Note: For more information, see the Policy Server documentation.
You can change the amount of time that resource entries will remain in the cache with the following parameter:
Specifies the number of seconds that resource entries remain in the cache. If a user tries to access a protected resource after the time interval has been exceeded, the Web Agent removes the cached entries and contacts the Policy server.
Default: 600 (10 minutes)
Note: If you change the value of this parameter, you must restart the web server to apply the change.
To change how long the resource entries remain cached, set the ResourceCacheTimeout parameter to the number of seconds you want.
You can set a maximum on the number of resource cache entries, such as Web pages, that the Web Agent tracks with the following parameter:
Specifies the maximum number of entries that the Web Agent keeps in its resource cache. An entry contains the following information:
When the maximum is reached, new resource records replace the oldest resource records.
If you set this value to a high number, be sure that sufficient system memory is available.
If you are viewing Web Agent statistics using the OneView Monitor, you may notice that the value shown for the ResourceCacheCount is greater than the value you specified for the MaxResourceCacheSize parameter. This is not an error. The Web Agent uses the MaxResourceCacheSize parameter as a guideline and the values may at times differ because the MaxResourceCacheSize parameter represents the maximum number of average-sized entries in the resource cache. The actual cache entries are most likely larger or smaller than the pre-determined average size; therefore, the effective maximum number of entries may be more or less than the value specified.
Note: For Web Agents that use shared memory, such as the framework Agents, the cache is pre-allocated to a constant size based on the MaxResourceCacheSize value and will not grow.
Default: (Domino web servers) 1000
Default: (IIS and Sun Java System web servers) 700
Default: (Apache web servers) 750
To set the maximum resource cache size
The maximum resource cache size is changed.
If you are protecting an application that uses dynamic, unique URLs, you may want to disable the resource cache. Since the URLs used by the application are unique, then they will not be read from the cache.
To disable the resource cache, change the value of the MaxResourceCacheSize to zero.
You can set a maximum for the number of users the Agent maintains in the session cache with the following parameter:
Specifies the maximum number of users the Agent maintains in its session cache. The session cache stores the session IDs of users who authenticate successfully. Authenticated users accessing other resources within the realm during a session, are authenticated using the session cache instead of the Policy Server. When the maximum number is reached, the Agent replaces the oldest user records with new user records.
Base the value of this parameter on the number of users that you expect to access and use resources for a sustained period. If you set this value to a high number, verify that sufficient system memory is available.
Note: Regardless of the cache size, all entries in the session cache of the Web Agent expire automatically after one hour.
Default: (Domino web servers) 1000
Default: (IIS and Oracle iPlanet web servers) 700
Default: (Apache web servers) 750
To set a maximum size of the user session cache
The maximum user session cache size is changed.
You can configure the Web Agent to store anonymous user information in a cache with the following parameter:
Specifies if the Web Agent caches anonymous user information. You may want to set this parameter in any of the following situations:
You may want to disable this parameter to keep the anonymous user information from filling the cache and leaving no room for registered users.
Default: No
To store anonymous user information in cache, set the value of the CacheAnonymous parameter to yes.
The SiteMinder Web Agent uses the value of the HOST header in an HTTP request to determine the following settings:
SiteMinder Web Agents only accept HTTP version 1.1 requests, because HTTP versions 0.9 and 1.0 do not use HOST headers. This poses problems for some testing tools that do not send HOST headers, because the Web Agent rejects those requests.
SiteMinder r12.0 SP3 supports a new Agent Configuration parameter that lets you define a HOST header value. The Web Agent uses this value in any request that does not contain a HOST header.
To accommodate testing tools that do not send HOST headers
Defines a value for the HOST header. Add this parameter to your Agent Configuration Object or LocalConfig.conf file to use a testing or performance tool that sends HTTP version 0.9 or version 1.0 requests (without HOST headers). If this parameter is not set, the Web Agent only accepts HTTP 1.1 requests.
Default: None (blank)
Example: webserver.example.com
The Web Agent substitutes the DefaultHostName value for any HTTP request without a HOST header.
Copyright © 2012 CA.
All rights reserved.
|
|