...
The following configuration block found in the <IS_HOME>/repository/conf/identity/identity.xml
file is used to manage and configure the cache layers.
The code block below shows an example of one such cache layer.
Code Block | ||
---|---|---|
| ||
<CacheConfig> <CacheManager name="IdentityApplicationManagementCacheManager"> <Cache name="AppAuthFrameworkSessionContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="AuthenticationContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="AuthenticationRequestCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="AuthenticationResultCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="AppInfoCache" enable="true" timeout="900" capacity="5000" isDistributed="false" /> <Cache name="AuthorizationGrantCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="OAuthCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="OAuthScopeCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="OAuthSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="SAMLSSOParticipantCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="SAMLSSOSessionIndexCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="SAMLSSOSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false" /> <Cache name="ServiceProviderCache" enable="true" timeout="900" capacity="5000" isDistributed="false" /> <Cache name="ProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false" /> <Cache name="ProvisioningEntityCache" enable="true" timeout="900" capacity="5000" isDistributed="false" /> <Cache name="ServiceProviderProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false" /> <Cache name="IdPCacheByAuthProperty" enable="true" timeout="900" capacity="5000" isDistributed="false" /> <Cache name="IdPCacheByHRI" enable="true" timeout="900" capacity="5000" isDistributed="false" /> <Cache name="IdPCacheByName" enable="true" timeout="900" capacity="5000" isDistributed="false" /> </CacheManager> </CacheConfig> |
...
Table of Contents | ||||
---|---|---|---|---|
|
name
The cache name is used to build the cache instance and is unique to a JVM. This name is used as the unique identifier when the carbon kernel creates the cache object for a specific cache requirement.
enable
This parameter is used to enable the cache usage for a specific cache layer. If this parameter is disabled, it means that the feature will not cache the value and depending on the feature, will either persist it in a database or not store it at all at the server level.
timeout
When a cache entry is added to the cache instance, the start time is recorded and the entry is stored until the time exceeds the timeout value. Once the time reaches the timeout, the cache entry is evicted from the cache.
Set this value to -1 to store the cache entry indefinitely.
capacity
The capacity is the count of the cache entry. Note that this value is not related to the size of the cache.
isDistributed
This parameter is used to distribute the cache entry over the cluster through Hazelcast. If it is set to false, the cache object is stored only in the local cache.
Disabling the distributed cache triggers the cache invalidation notification system, which notifies all other nodes in the cluster to invalide their local caches when one node is updating its local cache.
AppAuthFrameworkSessionContextCache
The SessionContextCache object contains details about the authenticated user. This must be shared across the nodes in the cluster because this is the unique representation of the authenticated user.
AuthenticationContextCache
Until the authentication request is successfully authenticated, all authentication information is stored in the AuthenticationContextCache object, which needs to be shared across all nodes in the cluster. Once the user is authenticated successfully, this object will is removed from the cache and the required information is stored in the SessionContext cache.
AuthenticationRequestCache
The AuthenticationRequestCache object holds all the required details from the authentication request until the authentication flow is completed by the authentication framework. Note that this is not from the inbound protocol validator level. The Authentication Framework wraps the information to the AuthenticationRequestCache object and stores it in the cache.
AuthenticationResultCache
The AuthenticationResultCache object holds the authentication result that contains the authenticated user details, claim mappings and other authentication specific results, and stores this information in the cache. Once the user gets authenticated through the authentication framework, it stores this object in the cache and reads the response from the inbound protocol handler once the response is built.
AppInfoCache
The AppInfoCache is a complete representation of the OAuth application information in WSO2 Identity Server. It is unique for the client key and is stored in the cache by wrapping the “OAuthAppDO” object.
AuthorizationGrantCache
The AuthorizationGrantCache manages the user information over tokens. This cache object contains the token, code, and user attributes for the authenticated user with some important information that is needed to access different flows such as id-token building.
OAuthCache
The OAuthCache is a general cache implementation which is not specific to one type of cache. This is used for the following cache entries with its own specific cache key.
...
ClientKey + Username: ClientCredential
OAuthScopeCache
The OAuthScopeCache object holds scope information such as the name and display name for each scope.
OAuthSessionDataCache
Once the request is recieved by the inbound protocol validator, it keeps the requested data by wrapping it in the OAuthSessionDataCache object. This is stored against the sessionDataKey, which is used to manage the browser state.