When caching is enabled, OpenSSO Enterprise has three options that can be used to invalidate dirty cache entries. The first is to set up a URL with which the OpenSSO Enterprise server can send session change notifications to clients on remote web containers. This works for web and standalone applications that can listen for HTTP(s) traffic. The second method (which works ONLY if notification is disabled) is polling. In this case, the client periodically checks the OpenSSO Enterprise server for session changes. The third method is referred to as Time-to-Live (TTL) and enforces a limit on the period of time dirty data remains in the cache before it is discarded. See the following sections for more information.
The notification method could cause a constant flood of notification changes that might overwhelm the client so be sure to choose the optimal method for your deployment.
Additional cache properties are in Policy Logging and Caching Properties.
com.sun.identity.client.notification.url defines the URI of the Notification Service running on the host machine on which the Client SDK is installed; by default, http://SDK-host.domain:port/opensso/notificationservice. This value is used for both the Service Management and Identity Repository caches. If no URL is specified, notification is disabled.
com.sun.identity.idm.remote.notification.enabled is used to enable or disable the notifications for the Identity Repository cache. If set to true notifications are enabled; false disabled.
com.sun.identity.sm.notification.enabled is used to enable or disable the notifications for the Service Management cache. If set to true notifications are enabled; false disabled.
See Sending Notifications to the Client SDK Cache for more information on the Notification Service.
Notification must be disabled.
com.iplanet.am.sdk.remote.pollingTime defines the amount of time (in minutes) between each poll (check) by the client for Identity Repository data changes. This property also controls the polling time for the com.iplanet.am.sdk for backwards compatibility.
com.sun.identity.sm.cacheTime defines the amount of time (in minutes) between each poll (check) by the client for Service Management data changes.
The following properties relate to the cache Time To Live (TTL). TTL is a limit on the period of time before data in the cache should be discarded. These TTL properties are not included in AMConfig.properties by default but can be added as needed. These are the Service Management TTL properties.
com.sun.identity.sm.cache.ttl.enable enables the TTL function for the Service Management cache with a default value of true.
com.sun.identity.sm.cache.ttl limits the time (in minutes) to the defined value; by default, 30.
These are the Identity Repository TTL properties.
com.sun.identity.idm.cache.entry.expire.enabled takes a value of true or false which enables or disables, respectively, the Identity Repository TTL feature.
com.sun.identity.idm.cache.entry.user.expire.time specifies the time (in minutes) that user Identity Repository cache entries remain valid after their last modification. In other words, after the specified time has elapsed (following a modification or directory read), the data for the cached entry will expire and new requests for this data must be read from the directory. The default value is one minute.
com.sun.identity.idm.cache.entry.default.expire.time specifies the time (in minutes) that non-user Identity Repository cache entries remain valid after their last modification. In other words, after the specified time has elapsed (following a modification or directory read), the data for the cached entry will expire and new requests for this data must be read from the directory. The default value is one minute.
For backwards compatibility, these are the properties to configure the TTL feature for the com.iplanet.am.sdk classes.
com.iplanet.am.sdk.cache.entry.expire.enabled takes a value of true or false which enables or disables, respectively, the TTL feature for the com.iplanet.am.sdk classes.
com.iplanet.am.sdk.cache.entry.user.expire.time specifies the time (in minutes) that user cache entries remain valid after their last modification. The default value is one minute.
com.iplanet.am.sdk.cache.entry.default.expire.time specifies the time (in minutes) that non-user cache entries remain valid after their last modification. The default value is one minute.