Adding a new user or group to Active Directory should not impact upon the performance of Single Sign-on for Java, as long as existing policy settings remain unchanged. Once a new user or group has been added to Active Directory, that user may be authenticated by Single Sign-on for Java through the existing mechanisms.
Single Sign-on for Java may cache information about user / group accounts for efficiency. For example, the groups that a user belongs to may be cached once that data has been obtained, and the authorization policy may be determined, based on this (cached) data.
If the group membership details of that user are updated dynamically, this may not be reflected in Single Sign-on for Java's cache, and subsequent authorization determinations may produce incorrect results.
Single Sign-on for Java performs dynamic lookups when resolving services to hosts (such as finding the key distribution center for a realm, or domain controller for a domain). Modifying the underlying network topology should therefore not present a problem for Single Sign-on for Java, although it should be noted that a lag between the time the topology has been modified and the time that dynamic lookups reflect this new topology may cause some connection timeouts.
This section provides solutions to some common problems which may be experienced when configuring and deploying applications using Single Sign-on for Java.