Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

WSO2 Identity Server has multiple cache layers which are used to improve the performance of the different scenarios.

We can see the configuration section in The following configuration block found in the <IS_HOME>/repository/conf/identity/identity.xml file is used to manage and configure the each and every cache layers as in the below.

There are below attribute in each cache configuration.

...

The code block below shows an example of one such cache layer. 

Code Block
languagexml
<CacheConfig>
       <CacheManager name="IdentityApplicationManagementCacheManager">

...


              <Cache name="AppAuthFrameworkSessionContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="AuthenticationContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="AuthenticationRequestCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="AuthenticationResultCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="AppInfoCache" enable="true" timeout="900" capacity="5000" isDistributed="false"

...

 />
              <Cache name="AuthorizationGrantCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="OAuthCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="OAuthScopeCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="OAuthSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="SAMLSSOParticipantCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="SAMLSSOSessionIndexCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="SAMLSSOSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false"

...

 />
              <Cache name="ServiceProviderCache" enable="true" timeout="900" capacity="5000" isDistributed="false"

...

 />
              <Cache name="ProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false"

...

 />
              <Cache name="ProvisioningEntityCache" enable="true" timeout="900" capacity="5000" isDistributed="false"

...

 />
              <Cache name="ServiceProviderProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false"

...

 />
              <Cache name="IdPCacheByAuthProperty" enable="true" timeout="900" capacity="5000" isDistributed="false"

...

 />
              <Cache name="IdPCacheByHRI" enable="true" timeout="900" capacity="5000" isDistributed="false"

...

 />
              <Cache name="IdPCacheByName" enable="true" timeout="900" capacity="5000" isDistributed="false" />

...


       </CacheManager>

...


</CacheConfig>

Each cache layer contains the following attributes:

Table of Contents
maxLevel5
minLevel5

name

Cache The cache name is used to build the cache instance and it should be is unique for to a JVM. When This name is used as the unique identifier when the carbon kernel create creates the cache object for a specific cache requirement, it uses this name as the unique identifier for that.

enable

To This parameter is used to enable the cache usage for a specific cache layer, we have to enable it for that cache config. If we disable it means, that . If this parameter is disabled, it means that the feature will not cache the value and may be depending on the feature, will either persist it in a database or may nothing not store it at all at the server level. That would depend on the feature.

timeout

When we put a cache entry is added to the cache instance, it keep the started start time and will keep in their until it reach is recorded and the entry is stored until the time exceeds the timeout value. After that, this cache entry will be evict Once the time reaches the timeout, the cache entry is evicted from the cache.If we want to have a never ending cache which mean, we don’t need to expire it, then we have to set this value as -1. 

Set this value to -1 to store the cache entry indefinitely. 

capacity

The capacity is the count of the cache entry and . Note that this value is not related to the size( size means how many MB it can hold) of the cache. 

isDistributed

This parameter is enable used to distribute the cache entry over the cluster through the Hazelcast. If it is set to false means, only keep the cache object is stored only in the local cache.

So by disabling Disabling the distributed cache , start triggers the cache invalidation notification system over the cluster.

More details about this from here : https://medium.com/@harsha.thirimanna/cache-invalidation-in-wso2-carbon-kernel-platform-31753fe879ba

Here is the detail explanation about the each and every cache layers.

AppAuthFrameworkSessionContextCache

org.wso2.carbon.identity.application.authentication.framework.cache.SessionContextCache

SessionContextCache object has all the , which notifies all other nodes in the cluster to invalide their local caches when one node is updating its local cache.

AppAuthFrameworkSessionContextCache

The SessionContextCache object contains details about the authenticated user. This must be shared across the nodes in the cluster because this is the unique representation of the logged authenticated user in the identity server side.

AuthenticationContextCache

org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCache

Until the authentication request get is successfully authenticated, all the authentication information are stored in this cache object and this cache object also should is stored in the AuthenticationContextCache object, which needs to be shared across all nodes in the cluster. Once the authentication request user is authenticated successfully, this object will be is removed from the cache and store the required information is stored in the SessionContext cache.

AuthenticationRequestCache

org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCache

Since the initial authentication request has The AuthenticationRequestCache object holds all the required details from the client application to the server, we have to store that information authentication request until the authentication flow is completed by the authentication framework. This Note that this is not from the inbound protocol validator level. So The Authentication Framework wrap that wraps the information to the AuthenticationRequestCache object and store stores it in the cache.

AuthenticationResultCache

org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCache

This object hold The AuthenticationResultCache object holds the authentication result which is contain that contains the authenticated user details, claim mappings and other authentication specific results, and store stores this information in the cache. Once the user get gets authenticated through the authentication framework, it store stores this object in the cache and read reads the response from the inbound protocol handler when once the response get buildis built.

AppInfoCache

org.wso2.carbon.identity.oauth.cache.AppInfoCache

This is The AppInfoCache is a complete representation of the OAuth application information in WSO2 Identity Server side. Unique It is unique for the client key and will be is stored in the cache by wrapping the “OAuthAppDO” object.

AuthorizationGrantCache

org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache

To manage The AuthorizationGrantCache manages the user information over tokens are done by this cache layer. This cache object contains the token, code, and user attributes for the authenticated user with some important information which will need that is needed to access in different flows like such as id-token building.

OAuthCache

org.wso2.carbon.identity.oauth.cache.OAuthCache

OAuth cache is The OAuthCache is a general cache implementation which is not specific to an one type of cache. This is used for the following cache entries with its own specific cache key.

AccessToken -> Access Token Detail Object

AuthorizationCode -> Authorization Code Detail Object

ClientKey -> ClientCredential

ClientKey + Username -> ClientCredential

OAuthScopeCache

org.wso2.carbon.identity.oauth.cache.OAuthScopeCache

This cache object hold the Scope information like name, The OAuthScopeCache object holds scope information such as the name and display name for each scope.

OAuthSessionDataCache

org.wso2.carbon.identity.oauth.cache.SessionDataCache

Once the request come to is recieved by the inbound protocol validator level, it keeps the requested data by wrapping it in the OAuthSessionDataCache object. This is stored against the sessionDataKey, which is used to manage the state in browser.

SAMLSSOParticipantCache

org.wso2.carbon.identity.sso.saml.cache.SAMLSSOParticipantCache

SAMLSSOSessionIndexCache

SAMLSSOSessionDataCache

ServiceProviderCache

ProvisioningConnectorCache

ProvisioningEntityCache

ServiceProviderProvisioningConnectorCache

IdPCacheByAuthProperty

IdPCacheByHRI

...

browser state.