Information about the cache data refresh and the cache delay on User Access / Enterprise SSO
The cache is stored in the directory described in the following data registry path:
The cache is created on the workstation when the user authenticates.
It is split into cache files per user and per workstation (access point).
The user cached data are:
The access point cached data are:
Cache validity period
The cache validity data are defined in the user profile, in the session folder.
The validity is provided in days.
These data indicate one cache validity period; they are renewed at each user authentication.
All user data are linked to the validity period registered in the following registry key:
HKLM\Software\Enatel\WiseGuard\Framework\Cache\PerformanceCacheDelay (DW) value in seconds
If it is not available in the cache, the user data configuration (application definition, windows, PFCP) is refreshed (updated) at engine startup. Otherwise, to force this refresh, the end user can restart the engine from his workstation.
The data linked to the user profile are refreshed when the cache data expire.
The user account data are refreshed:
At SSO Engine start. This refresh can be deactivated with the registry key:
HKLM\Software\Enatel\WiseGuard\Framework\Authentication\CacheSynchroWithAuth (DW) value different from 0.
On internal request: the SSO Engine checks the validity of the cache data and, depending on the result, reads from the cache or from the LDAP directory.
How to reduce the cache delay?
You can reduce the delay with the following value:
However, this configuration will be overwritten by the group policy SGSS->Network cache: PerformanceCacheDelay.
In that case, how is the delay managed when the group policy changes, and how is the information propagated?
The information is propagated by Microsoft, and the delay depends on the server topology (server replication time).
There is no warning in advance, e.g. some days before the cache expires.
Cache update in a VPN network
The only way to refresh the data after the VPN connection is established is to stop and start the SSOENGINE.
The ServerCache value (REG_SZ) located under HKLM\SOFTWARE\Enatel\WiseGuard\Framework\Cache registry key can contain the directory name (UNC "Universal Naming Convention" name) where the user cache is copied.
This value makes it possible to keep a copy of the user cache on a network drive, in addition to the local cache, in order to allow cache synchronization at user session start.
It is useful when the directory is not reachable but the network path is. In this case, user caches present on the different machines can be synchronized (copy of cache present on the server at session opening on the workstation).
Each user has his own cache file; its name contains the user GUID.
At session opening, the cache file is copied from the server to the local machine. It is copied in the opposite direction at session closure. The same applies if the user has sessions open on several stations: the last closed session overwrites the cache file present on the server. This does not cause any problem, as the cache files normally contain the same information.
This information is included in the "User Access Console Administrator's guide" (ref. 39 A2 27LY in evolution 6, 39 A2 62LX in evolution 5).
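The following PowerShell function is an added example, not part of the original article or of the product. It reads the three registry values named above and reports the settings currently in force on a workstation, including where the cache copy is written. The function name, the helper and the output property names are assumptions made for illustration; only the registry paths and value names come from this page.

```powershell
# Added example: report the cache settings described on this page for the local workstation.
# Registry paths and value names are those quoted in the article; all other names are illustrative.
function Get-EssoCacheSettings {
    [CmdletBinding()]
    param(
        # Base key from the article; parameterised so a test hive can be substituted.
        [string]$FrameworkKey = 'HKLM:\Software\Enatel\WiseGuard\Framework'
    )

    # Returns $null when the key or the value is absent instead of throwing.
    function Read-Value([string]$SubKey, [string]$Name) {
        $item = Get-ItemProperty -Path (Join-Path $FrameworkKey $SubKey) -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name }
    }

    # The values read are whatever is in the registry now; per the article,
    # PerformanceCacheDelay may have been overwritten by group policy.
    $delay   = Read-Value 'Cache' 'PerformanceCacheDelay'           # DWORD, seconds
    $synchro = Read-Value 'Authentication' 'CacheSynchroWithAuth'   # DWORD, non-zero turns off the refresh at engine start
    $server  = Read-Value 'Cache' 'ServerCache'                     # REG_SZ, UNC directory for the cache copy

    $serverIsUnc = $false
    $serverReachable = $null
    if ($server) {
        $serverIsUnc     = $server.StartsWith('\\')       # a UNC name begins with two backslashes
        $serverReachable = Test-Path -LiteralPath $server # can the cache copy be synchronised right now?
    }

    [pscustomobject]@{
        PerformanceCacheDelaySeconds = $delay
        PerformanceCacheDelay        = if ($null -ne $delay) { [timespan]::FromSeconds([double]$delay) }
        # Assumption: an absent CacheSynchroWithAuth value is reported as "refresh not disabled".
        StartupRefreshDisabled       = ($null -ne $synchro -and $synchro -ne 0)
        ServerCache                  = $server
        ServerCacheIsUnc             = $serverIsUnc
        ServerCacheReachable         = $serverReachable
    }
}

Get-EssoCacheSettings | Format-List
```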
© 2019 One Identity LLC. ALL RIGHTS RESERVED.