WSO2 Identity Server has multiple cache layers to improve the performance of the different scenarios.
We can see the configuration section in identity.xml to manage the each and every cache layers as in the below.
There are below attribute in each cache configuration.
name
Cache name is used to build the cache instance and it should be unique for a JVM. When the carbon kernel create the cache object for a specific cache requirement, it uses this name as the unique identifier for that.
enable
To enable the cache usage for a specific cache layer, we have to enable it for that cache config. If we disable it means, that feature will not cache the value and may be either persist in a database or may nothing store at the server level. That would depend on the feature.
timeout
When we put a cache entry to the cache instance, it keep the started time and will keep in their until it reach the timeout value. After that, this cache entry will be evict from the cache.
If we want to have a never ending cache which mean, we don’t need to expire it, then we have to set this value as -1.
capacity
The capacity is the count of the cache entry and this is not related to the size(size means how many MB it can hold) of the cache.
isDistributed
This is enable to distribute the cache entry over the cluster through the Hazelcast. If it is false means, only keep the cache object in local cache.
So by disabling the distributed cache, start the cache invalidation notification system over the cluster.
More details about this from here : https://medium.com/@harsha.thirimanna/cache-invalidation-in-wso2-carbon-kernel-platform-31753fe879ba
Here is the detail explanation about the each and every cache layers.
AppAuthFrameworkSessionContextCache
org.wso2.carbon.identity.application.authentication.framework.cache.SessionContextCache
SessionContextCache object has all the details about the authenticated user. This must be shared across the nodes in the cluster because this is the unique representation of the logged user in the identity server side.
AuthenticationContextCache
org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCache
Until the authentication request get successfully authenticated, all the information are stored in this cache object and this cache object also should be shared across the cluster. Once the authentication request is authenticated successfully, this object will be removed from the cache and store the required information in the SessionContext cache.
AuthenticationRequestCache
org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCache
Since the initial authentication request has all the required details from the client application to the server, we have to store that information until the authentication flow is completed by the authentication framework. This is not from the inbound protocol validator level. So Authentication Framework wrap that information to the AuthenticationRequestCache object and store it in the cache.
AuthenticationResultCache
org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCache
This object hold the authentication result which is contain the authenticated user details, claim mappings and other authentication specific results and store in the cache. Once the user get authenticated through the authentication framework, it store this object in the cache and read from the inbound protocol handler when the response get build.
AppInfoCache
org.wso2.carbon.identity.oauth.cache.AppInfoCache
This is complete representation of the OAuth application information in Identity Server side. Unique for the client key and will be stored in the cache by wrapping the “OAuthAppDO” object.
AuthorizationGrantCache
org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache
To manage the user information over tokens are done by this cache layer. This cache object contains token, code and user attributes for authenticated user with some important information which will need to access in different flows like id-token building.
OAuthCache
org.wso2.carbon.identity.oauth.cache.OAuthCache
OAuth cache is general cache implementation which is not specific to an one type. This is used for following cache entries with its own specific cache key.
AccessToken -> Access Token Detail Object
AuthorizationCode -> Authorization Code Detail Object
ClientKey -> ClientCredential
ClientKey + Username -> ClientCredential
OAuthScopeCache
org.wso2.carbon.identity.oauth.cache.OAuthScopeCache
This cache object hold the Scope information like name, display name for each scope.
OAuthSessionDataCache
org.wso2.carbon.identity.oauth.cache.SessionDataCache
Once the request come to the inbound protocol validator level, it keeps the requested data by wrapping it in the OAuthSessionDataCache object. This is stored against the sessionDataKey which is used to manage the state in browser.
SAMLSSOParticipantCache
org.wso2.carbon.identity.sso.saml.cache.SAMLSSOParticipantCache