WSO2 Identity Server has multiple cache layers which are used to improve the performance of the different scenarios.
We can see the configuration section in The following configuration block found in the <IS_HOME>/repository/conf/identity/identity.xml
file is used to manage and configure the each and every cache layers as in the below.
There are below attribute in each cache configuration.
...
The code block below shows an example of one such cache layer.
Code Block | ||
---|---|---|
| ||
<CacheConfig> <CacheManager name="IdentityApplicationManagementCacheManager"> |
...
<Cache name="AppAuthFrameworkSessionContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="AuthenticationContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="AuthenticationRequestCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="AuthenticationResultCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="AppInfoCache" enable="true" timeout="900" capacity="5000" isDistributed="false" |
...
/> <Cache name="AuthorizationGrantCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="OAuthCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="OAuthScopeCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="OAuthSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="SAMLSSOParticipantCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="SAMLSSOSessionIndexCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="SAMLSSOSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false" |
...
/> <Cache name="ServiceProviderCache" enable="true" timeout="900" capacity="5000" isDistributed="false" |
...
/> <Cache name="ProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false" |
...
/> <Cache name="ProvisioningEntityCache" enable="true" timeout="900" capacity="5000" isDistributed="false" |
...
/> <Cache name="ServiceProviderProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false" |
...
/> <Cache name="IdPCacheByAuthProperty" enable="true" timeout="900" capacity="5000" isDistributed="false" |
...
/> <Cache name="IdPCacheByHRI" enable="true" timeout="900" capacity="5000" isDistributed="false" |
...
/> <Cache name="IdPCacheByName" enable="true" timeout="900" capacity="5000" isDistributed="false" /> |
...
</CacheManager> |
...
</CacheConfig> |
Each cache layer contains the following attributes:
Table of Contents | ||||
---|---|---|---|---|
|
name
Cache The cache name is used to build the cache instance and it should be is unique for to a JVM. When This name is used as the unique identifier when the carbon kernel create creates the cache object for a specific cache requirement, it uses this name as the unique identifier for that.
enable
To This parameter is used to enable the cache usage for a specific cache layer, we have to enable it for that cache config. If we disable it means, that . If this parameter is disabled, it means that the feature will not cache the value and may be depending on the feature, will either persist it in a database or may nothing not store it at all at the server level. That would depend on the feature.
timeout
When we put a cache entry is added to the cache instance, it keep the started start time and will keep in their until it reach is recorded and the entry is stored until the time exceeds the timeout value. After that, this cache entry will be evict Once the time reaches the timeout, the cache entry is evicted from the cache.If we want to have a never ending cache which mean, we don’t need to expire it, then we have to set this value as -1.
Set this value to -1 to store the cache entry indefinitely.
capacity
The capacity is the count of the cache entry and . Note that this value is not related to the size( size means how many MB it can hold) of the cache.
isDistributed
This parameter is enable used to distribute the cache entry over the cluster through the Hazelcast. If it is set to false means, only keep the cache object is stored only in the local cache.
So by disabling Disabling the distributed cache , start triggers the cache invalidation notification system over the cluster.
More details about this from here : https://medium.com/@harsha.thirimanna/cache-invalidation-in-wso2-carbon-kernel-platform-31753fe879ba
Here is the detail explanation about the each and every cache layers.
AppAuthFrameworkSessionContextCache
org.wso2.carbon.identity.application.authentication.framework.cache.SessionContextCache
SessionContextCache object has all the , which notifies all other nodes in the cluster to invalide their local caches when one node is updating its local cache.
AppAuthFrameworkSessionContextCache
The SessionContextCache object contains details about the authenticated user. This must be shared across the nodes in the cluster because this is the unique representation of the logged authenticated user in the identity server side.
AuthenticationContextCache
org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCache
Until the authentication request get is successfully authenticated, all the authentication information are stored in this cache object and this cache object also should is stored in the AuthenticationContextCache object, which needs to be shared across all nodes in the cluster. Once the authentication request user is authenticated successfully, this object will be is removed from the cache and store the required information is stored in the SessionContext cache.
AuthenticationRequestCache
org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCache
Since the initial authentication request has The AuthenticationRequestCache object holds all the required details from the client application to the server, we have to store that information authentication request until the authentication flow is completed by the authentication framework. This Note that this is not from the inbound protocol validator level. So The Authentication Framework wrap that wraps the information to the AuthenticationRequestCache object and store stores it in the cache.
AuthenticationResultCache
org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCache
This object hold The AuthenticationResultCache object holds the authentication result which is contain that contains the authenticated user details, claim mappings and other authentication specific results, and store stores this information in the cache. Once the user get gets authenticated through the authentication framework, it store stores this object in the cache and read reads the response from the inbound protocol handler when once the response get buildis built.
AppInfoCache
org.wso2.carbon.identity.oauth.cache.AppInfoCache
This is The AppInfoCache is a complete representation of the OAuth application information in WSO2 Identity Server side. Unique It is unique for the client key and will be is stored in the cache by wrapping the “OAuthAppDO” object.
AuthorizationGrantCache
org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache
To manage The AuthorizationGrantCache manages the user information over tokens are done by this cache layer. This cache object contains the token, code, and user attributes for the authenticated user with some important information which will need that is needed to access in different flows like such as id-token building.
OAuthCache
org.wso2.carbon.identity.oauth.cache.OAuthCache
OAuth cache is The OAuthCache is a general cache implementation which is not specific to an one type of cache. This is used for the following cache entries with its own specific cache key.
AccessToken -> : Access Token Detail Object
AuthorizationCode -> : Authorization Code Detail Object
ClientKey -> : ClientCredential
ClientKey + Username -> : ClientCredential
OAuthScopeCache
org.wso2.carbon.identity.oauth.cache.OAuthScopeCache
This cache object hold the Scope information like name, The OAuthScopeCache object holds scope information such as the name and display name for each scope.
OAuthSessionDataCache
org.wso2.carbon.identity.oauth.cache.SessionDataCache
Once the request come to is recieved by the inbound protocol validator level, it keeps the requested data by wrapping it in the OAuthSessionDataCache object. This is stored against the sessionDataKey, which is used to manage the state in browser.
SAMLSSOParticipantCache
org.wso2.carbon.identity.sso.saml.cache.SAMLSSOParticipantCache
SAMLSSOSessionIndexCache
SAMLSSOSessionDataCache
ServiceProviderCache
ProvisioningConnectorCache
ProvisioningEntityCache
ServiceProviderProvisioningConnectorCache
IdPCacheByAuthProperty
IdPCacheByHRI
...
browser state.