This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


WSO2 Identity Server has multiple cache layers to improve performance in different scenarios.

Each cache layer is managed through the configuration section in identity.xml shown below.

Each cache configuration has the attributes name, enable, timeout, capacity and isDistributed, which are described after the configuration.

<CacheConfig>
       <CacheManager name="IdentityApplicationManagementCacheManager">
              <Cache name="AppAuthFrameworkSessionContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="AuthenticationContextCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="AuthenticationRequestCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="AuthenticationResultCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="AppInfoCache" enable="true" timeout="900" capacity="5000" isDistributed="false" />
              <Cache name="AuthorizationGrantCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="OAuthCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="OAuthScopeCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="OAuthSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="SAMLSSOParticipantCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="SAMLSSOSessionIndexCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="SAMLSSOSessionDataCache" enable="true" timeout="300" capacity="5000" isDistributed="false" />
              <Cache name="ServiceProviderCache" enable="true" timeout="900" capacity="5000" isDistributed="false" />
              <Cache name="ProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false" />
              <Cache name="ProvisioningEntityCache" enable="true" timeout="900" capacity="5000" isDistributed="false" />
              <Cache name="ServiceProviderProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false" />
              <Cache name="IdPCacheByAuthProperty" enable="true" timeout="900" capacity="5000" isDistributed="false" />
              <Cache name="IdPCacheByHRI" enable="true" timeout="900" capacity="5000" isDistributed="false" />
              <Cache name="IdPCacheByName" enable="true" timeout="900" capacity="5000" isDistributed="false" />
       </CacheManager>
</CacheConfig>


name

The cache name is used to build the cache instance and should be unique within a JVM. When the Carbon kernel creates the cache object for a specific cache requirement, it uses this name as the unique identifier.

enable

To use the cache for a specific cache layer, enable it in that cache config. If it is disabled, the feature will not cache the value; the value may either be persisted in a database or not be stored at the server level at all, depending on the feature.

timeout

When a cache entry is put into the cache instance, its start time is recorded and the entry stays in the cache until it reaches the timeout value. After that, the cache entry is evicted from the cache.

For a cache whose entries never expire, set this value to -1.

capacity

The capacity is the number of cache entries; it is not related to the size of the cache (size meaning how many MB it can hold).

isDistributed

Enabling this distributes the cache entries over the cluster through Hazelcast. If it is false, the cache object is kept only in the local cache.

Disabling the distributed cache starts the cache invalidation notification system across the cluster.

More details are available here: https://medium.com/@harsha.thirimanna/cache-invalidation-in-wso2-carbon-kernel-platform-31753fe879ba
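The attribute rules above can be checked mechanically before a changed identity.xml is deployed. The following Python script is an added example, not part of the WSO2 documentation or product; the function name audit_cache_config, the finding labels and the embedded sample values are assumptions made for illustration, as is the treatment of zero or negative numbers (other than a timeout of -1) as mistakes.

```python
import xml.etree.ElementTree as ET

# Constructed sample: cache names come from the page, attribute values are
# altered here so that each check fires at least once.
SAMPLE = """
<CacheConfig>
  <CacheManager name="IdentityApplicationManagementCacheManager">
    <Cache name="AppAuthFrameworkSessionContextCache" enable="true" timeout="-1" capacity="5000" isDistributed="false" />
    <Cache name="OAuthCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
    <Cache name="AppInfoCache" enable="true" timeout="900" capacity="5000" isDistributed="true" />
    <Cache name="AppInfoCache" enable="true" timeout="900" capacity="0" isDistributed="false" />
  </CacheManager>
</CacheConfig>
"""

def audit_cache_config(xml_text):
    """Return a sorted list of (cache name, finding) for a <CacheConfig> section."""
    findings, seen = [], set()
    for cache in ET.fromstring(xml_text).iter("Cache"):
        name = cache.get("name", "")
        if name in seen:
            findings.append((name, "duplicate-name"))  # name should be unique per JVM
        seen.add(name)
        if cache.get("enable", "").lower() != "true":
            findings.append((name, "disabled"))  # the feature will not cache values
            continue
        try:
            timeout = int(cache.get("timeout", ""))
            capacity = int(cache.get("capacity", ""))
        except ValueError:
            findings.append((name, "non-numeric-timeout-or-capacity"))
            continue
        if timeout == -1:
            findings.append((name, "never-expires"))  # -1 means entries are never evicted
        elif timeout <= 0:
            findings.append((name, "invalid-timeout"))  # assumption: treated as a mistake
        if capacity <= 0:
            findings.append((name, "invalid-capacity"))  # capacity is an entry count
        if cache.get("isDistributed", "").lower() == "true":
            findings.append((name, "distributed-via-hazelcast"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_cache_config(SAMPLE):
        print(f"{name}: {finding}")
```

The findings are informational: a never-expiring or distributed cache can be intentional, so the list is meant for review against the per-cache descriptions rather than as a pass/fail gate.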

The following sections explain each cache layer in detail.

AppAuthFrameworkSessionContextCache

org.wso2.carbon.identity.application.authentication.framework.cache.SessionContextCache

The SessionContextCache object has all the details about the authenticated user. It must be shared across the nodes in the cluster because it is the unique representation of the logged-in user on the Identity Server side.

AuthenticationContextCache

org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationContextCache

Until the authentication request is successfully authenticated, all the information is stored in this cache object, and this cache object should also be shared across the cluster. Once the authentication request is authenticated successfully, this object is removed from the cache and the required information is stored in the SessionContext cache.

AuthenticationRequestCache

org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCache

Since the initial authentication request carries all the required details from the client application to the server, that information has to be stored until the authentication framework completes the authentication flow. This is not from the inbound protocol validator level. The authentication framework wraps that information in the AuthenticationRequestCache object and stores it in the cache.

AuthenticationResultCache

org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCache

This object holds the authentication result, which contains the authenticated user details, claim mappings and other authentication-specific results, and is stored in the cache. Once the user is authenticated through the authentication framework, the framework stores this object in the cache, and the inbound protocol handler reads it when the response is built.

AppInfoCache

org.wso2.carbon.identity.oauth.cache.AppInfoCache

This is the complete representation of the OAuth application information on the Identity Server side. It is unique per client key and is stored in the cache by wrapping the “OAuthAppDO” object.

AuthorizationGrantCache

org.wso2.carbon.identity.oauth.cache.AuthorizationGrantCache

This cache layer manages the user information associated with tokens. The cache object contains the token, the code and the user attributes of the authenticated user, along with other important information that is needed in different flows such as ID token building.

OAuthCache

org.wso2.carbon.identity.oauth.cache.OAuthCache

OAuth cache is a general cache implementation that is not specific to one type. It is used for the following cache entries, each with its own specific cache key.

AccessToken -> Access Token Detail Object

AuthorizationCode -> Authorization Code Detail Object

ClientKey -> ClientCredential

ClientKey + Username -> ClientCredential

OAuthScopeCache

org.wso2.carbon.identity.oauth.cache.OAuthScopeCache

This cache object holds the scope information, such as the name and display name, for each scope.

OAuthSessionDataCache

org.wso2.carbon.identity.oauth.cache.SessionDataCache

Once the request reaches the inbound protocol validator level, the requested data is kept by wrapping it in the OAuthSessionDataCache object. This is stored against the sessionDataKey, which is used to manage the state in the browser.
