Thursday, April 14, 2011

Web Agent Caching Behavior

I have been asked a few times by customers on how Policy Agent manages its internal cache. I think I might as well make a note of this so that I can make reference to this question again much easier next time.

There is actually a documentation on this topic here.


  1. Policy agent caches users' policies
  2. 2 mechanism are utilized: notification and/or polling
  3. Each cache entry expires in 3 minutes, by default

Firewall Consideration

The challenge comes when there is a firewall between the Policy Agent and OpenSSO Enterprise Server. In such circumstance, notification should be turned off. (Otherwise, you'll get a lot of error on the OpenSSO debug log complaining about non-contactable agents.)

Production Scalability Consideration

  1. Policy changes are frequent
  2. Sites need to accept the fact that there will always be latency to reflect policy changes
  3. No hard rule on this latency time as long as it's acceptable for the site's specific needs

    The guideline when setting the Policy Cache Polling Period property is to set it to the lower of the two:

    • The session idle timeout period
    • Site’s accepted latency time for policy changes


    No comments:

    Post a Comment