-
タイトル
Cache refresh issue -
説明
When changing the user profile for a specific user, the change is not taken into account on the next authentication as expected, based on the product documentation (see "Appendix A: Cache Tuning and Asynchronous Update of the Application Data" of the SSOWatch Admin Guide).
Traces attached show user "user1" who received the profile "Shared Workstation User Security Profile" in the console, which features an inactivity delay of 1 minute. This profile is still not enabled even after doing a "reset configuration" and restarting the SSO engine. -
対策
With regards to updating the user cache automatically (which carries the detail of which User Security Profile is in use) the only way is to wait for the cache to expire; setting a smaller cache validity period will cause this to happen more quickly. Of course, the cache would need to be updated for each user before this setting would take effect also.
Due to the nature of caching, you can't update the User Security Profile and force an update to occur before the validity period has expired, doing so would be equivalent to turning caching off which is not advised.
The cache set in the User Security Profile is reliant on caching being available on the access point, therefore the performance cache validity period (Access Point profile, cache properties, user data) should be set to less than the value of the Cache Validity Period in the access point profile, since this cache will update only against the performance cache.
If you need to reduce the cache validity period, you need to change both cache values, as above. That said, it is not advised due to the load on the network.
Please refer to the Console Admin guide for more information: https://support.oneidentity.com/technical-documents/enterprise-single-sign-on/9.0.2/one-identity-enterprise-access-management-console-administration-guide/19#TOPIC-867909