You can enable the use of the cache and asynchronous updates through the User Profile with EAM Console. For more information, see Evidian EAM Console - Guide de l'administrateur.
The following sub-sections give information on how to tune the cache (when enabled) and configure asynchronous updates on your EAM workstations.
Since LDAP directory servers can be unavailable (offline work on a laptop, failure of the servers or network), the SSO engine can create a cache when it works in LDAP storage mode.
The cache is created on the user's workstation upon user authentication. It contains the following data:
This cache is located in the following registry key: HKLM\Software\Enatel\WiseGuard\Framework\Cache\CacheDir
When servers are unavailable, queries are made on the cache. Queries that modify the cache are recorded so they can be replayed when a server becomes available.
The cache is also used to reduce the number of queries between Enterprise SSO and LDAP directory servers. So even if the LDAP directory servers are available, the cache is used and works as a buffer:
The asynchronous update of the application data on the workstations (LDAP storage mode only) avoids performing the update during the user's authentication. Thus, the network and the directory are not massively loaded during critical hours (for instance, at 9am) and the duration of the user's authentication decreases.
The registry key values detailed in Cache and Update Timing Parameters allow you to:
When the workstation starts up, it checks whether application data in the cache is available. The asynchronous update may have been bypassed if the workstation was off for too long or during each defined time-slice.
If data is not up to date:
At the time of the asynchronous update, the directory may be unavailable. In this case, the update is retried later when the directory is available, and according to the time-slice if one is defined.
You can modify the cache and application data update timing parameters by editing values located in the following registry keys:
HKLM\Software\Policies\Enatel\WiseGuard\Framework\Cache
HKLM\Software\Enatel\WiseGuard\Framework\Cache
IMPORTANT: The second key must be set on every computer, while the first key (Policies) can be set with centralized parameters. For more details, see Evidian EAM Installation Guide.
The cache timings can be set with these values:
| Value | Default | Min | Description |
|---|---|---|---|
| | 30 | 1 | Time in seconds between two LDAP directory connection checks. |
| | 10 | 0 | Duration of cache data validity. Time in seconds. |
| | | | Cache directory. |
| | 1 | | Cache availability on Access Points: 0: Off. 1: On. |
| | 1 | | User cache availability. 0: Off. 1: On+AccessPoint Cache=1 |
| | | | Period (in days) between two updates of the application data on the workstation (for asynchronous update). Note: only applies for applications of the workstation's domain. |
| | 0 | | If activated, the workstation chooses a random latency period before updating its application data, between zero and the update period (and during chosen time-slice if defined). 0: Off. non null: On. Note: If multiple workstations are installed simultaneously (and during time-slice if defined), the application data is downloaded from all these workstations. This value avoids an overload during the deployment, and creates an interval between the updates. |
| | | | Starting time (in minutes) of the time-slice during which the update of the application data on the workstation is allowed. |
| | | | Ending time (in minutes) of the time-slice during which the update of the application data on the workstation is allowed. |
IMPORTANT: If you are using Group Policies (see Evidian EAM Installation Guide), read this: The PerformanceCacheDelay value is overwritten by the Group Policy WGSS => Network cache: PerformanceCacheDelay. If you change the Group Policy, the information is propagated by Microsoft and the delay depends on your servers' topology (server replication time).
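To see which cache values are actually defined under each of the two keys on a workstation, and where the Policies key and the local key hold different data for the same value, a read-only PowerShell check such as the following can be used. It is an added example, not part of the Evidian documentation; it enumerates whatever values exist under the two key paths given above and assumes nothing about their names.

```powershell
# Added example: compare the EAM cache settings stored under the
# Policies key and the local machine key. Read-only; changes nothing.
$keys = [ordered]@{
    Policy = 'HKLM:\Software\Policies\Enatel\WiseGuard\Framework\Cache'
    Local  = 'HKLM:\Software\Enatel\WiseGuard\Framework\Cache'
}

function Get-CacheValues {
    # Returns a hashtable of value name -> data, empty if the key is absent.
    param([string]$Path)
    $values = @{}
    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        foreach ($name in $key.GetValueNames()) {
            # Skip the unnamed (default) value.
            if ($name) { $values[$name] = $key.GetValue($name) }
        }
    }
    return $values
}

$policy = Get-CacheValues $keys.Policy
$local  = Get-CacheValues $keys.Local

# Union of the value names found in either key.
$names = @($policy.Keys) + @($local.Keys) | Sort-Object -Unique

$report = foreach ($name in $names) {
    $inPolicy = $policy.ContainsKey($name)
    $inLocal  = $local.ContainsKey($name)
    [pscustomobject]@{
        Value    = $name
        Policy   = if ($inPolicy) { $policy[$name] } else { '<not set>' }
        Local    = if ($inLocal)  { $local[$name] }  else { '<not set>' }
        # True when both keys define the value with different data.
        Conflict = $inPolicy -and $inLocal -and
                   ("$($policy[$name])" -ne "$($local[$name])")
    }
}

if (-not $report) {
    Write-Output 'No cache values found under either key.'
} else {
    $report | Format-Table -AutoSize
}
```

Rows flagged as Conflict are the ones to review first, for example PerformanceCacheDelay when a Group Policy sets it.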
The following registry keys allow you to configure the asynchronous directory update of collected accounts, for Enterprise SSO used in Access Collector mode:
HKLM\Software\Enatel\WiseGuard\Framework\Cache\SelfRegistrationUpdatePeriod
Delay (in minutes) between two updates of the collected SSO accounts from the workstation cache into the directory, in an asynchronous way.
If this value is set to 0 or not defined, the update is done automatically each time an account is collected.
HKLM\Software\Enatel\WiseGuard\Framework\Authentication\CacheSynchroWithAuth
In case of a roaming context (shared workstations, Citrix systems), this option forces a synchronous update of the cache at logon:
Integrating Care-FX with enterprise SSO enables you to authenticate to Care-FX with the Fast User Switching method (FUS) without having to provide any credentials.
When the FUS method is activated, each time a user logs:
The user identity is retrieved through a COM interface.
NOTE: This COM interface is self-registering during E-SSO installation.
When E-SSO stops, it sends a logout notification.
To activate the FCC Notification, execute the following procedure.
Set the two following registry values:
NOTE: Both registry values can be set through policies.
To integrate the COM interface with FCC Notification, execute the following procedure.
Add the following registry key:
IMPORTANT: After E-SSO installation, you must obtain the following registry value: HKEY_CLASSES_ROOT\CfxQEIntf.SSOQuest.