Each web agent maintains a cache that stores the policies for every user’s session. The cache can be updated by a cache polling mechanism and a cache notification mechanism.
A web agent maintains a cache of all active sessions involving content that the agent protects. Once an entry is added to an agent's cache, it remains valid for a period of time after which the entry is considered expired and later purged. This feature relies on a polling mechanism.
The web agent property labeled Policy Cache Polling Period (com.sun.identity.agents.config.policy.cache.polling.interval) determines the number of minutes an entry will remain in the web agent cache. Once the interval specified by this property has elapsed, the entry is dropped from the cache. By default, the expiration time is set to three minutes.
In hybrid cache update mode, cache entry expiration still applies through use of the polling mechanism. In addition, the OpenSSO Enterprise service notifies the web agent about session changes through a notification mechanism. Session changes include events such as a session logout or a session timeout. When notified of a session or a policy change, the web agent updates the corresponding entry in the cache. Apart from session updates, web agents can also receive policy change updates. Policy changes include events such as updating, deleting, and creating policies.
Web agents have the hybrid cache update mode switched on by default. This mode is controlled by the web agent property labeled Enable Notifications (com.sun.identity.agents.config.notification.enable). When this property is disabled, the web agent updates its cache through the polling mechanism only.
Restrictions due to firewalls, as well as the type of deployment container in use, might not allow notifications to work. In such cases, the notification mechanism is turned off.
The web agent sets a timeout period on its cache entries. After its end of life, the cache entry is purged from the web agent’s cache. The web agent does not refetch the cache data. The next attempt to access the same entry from cache fails and the web agent makes a round trip to the server and fetches it again to populate the cache. This lazy method of cache updating keeps the web agent cache performing optimally and reduces network traffic.
In a normal deployment situation, policy changes on the server are frequent, which requires sites to accept a certain amount of latency for web agents to reflect policy changes. Each site decides the amount of latency time that is acceptable for the site’s specific needs. When setting the Policy Cache Polling Period property, set it to the lower of the following two values:
The session idle timeout period
Your site’s accepted latency time for policy changes
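The following added example, which is not OpenSSO or agent code, models the cache behavior described above to show how long a logged-out session keeps being honored from cache with polling only, compared with hybrid mode. The AgentCache class, the allow/deny decisions, the session id and the helper names are assumptions made for illustration.

```python
# Toy model of the agent cache described above (constructed; not OpenSSO code).
class AgentCache:
    def __init__(self, polling_minutes, notifications_enabled, server):
        self.ttl = polling_minutes * 60          # polling period in seconds
        self.notifications_enabled = notifications_enabled
        self.server = server                     # dict: session id -> "allow"/"deny"
        self.entries = {}                        # session id -> (decision, expires_at)
        self.round_trips = 0

    def lookup(self, sid, now):
        entry = self.entries.get(sid)
        if entry and now < entry[1]:
            return entry[0]                      # hit: served without asking the server
        self.entries.pop(sid, None)              # expired entry is purged, not refreshed
        self.round_trips += 1                    # lazy refetch on the next access
        decision = self.server.get(sid, "deny")
        self.entries[sid] = (decision, now + self.ttl)
        return decision

    def notify(self, sid, now):
        # Server-side session change pushed to the agent (hybrid mode only).
        if self.notifications_enabled and sid in self.entries:
            self.entries[sid] = (self.server.get(sid, "deny"), now + self.ttl)


def stale_seconds(polling_minutes, notifications_enabled, logout_at, step=10):
    """Seconds after logout during which the agent still answers 'allow'."""
    server = {"sess-1": "allow"}                 # constructed session id
    cache = AgentCache(polling_minutes, notifications_enabled, server)
    cache.lookup("sess-1", now=0)                # first access populates the cache
    server["sess-1"] = "deny"                    # user logs out on the server
    cache.notify("sess-1", now=logout_at)
    t = logout_at
    while cache.lookup("sess-1", now=t) == "allow":
        t += step
    return t - logout_at


def polling_period(session_idle_timeout_min, accepted_latency_min):
    # The page's rule: use the lower of the two values.
    return min(session_idle_timeout_min, accepted_latency_min)


if __name__ == "__main__":
    print("polling only:", stale_seconds(3, False, logout_at=30), "s stale")
    print("hybrid mode: ", stale_seconds(3, True, logout_at=30), "s stale")
```

With notifications disabled, the stale window is bounded by the polling period, which is why that property should not exceed the latency the site is willing to accept for revoked sessions and changed policies.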