Attribute Cache Configurations
The caching of values fetched by Attribute Finders (PIPs) is an important means of increasing the performance of a PDP. Accordingly, Axiomatics default Attribute Connectors (SQL, LDAP) make use of attribute caching.
The Cache Configurations in ASM are objects specifying whether and how attributes fetched from external sources (SQL, LDAP etc.) should be cached by a PDP via Attribute Finders.
The Cache Configurations are managed as separate, first-order objects with their own life cycle in ASM. Once a Cache Configuration has been created, it is set per attribute mapping within the Attribute Connector configurations.
Changes to the Cache Configuration, including modifications or deletions of cache profiles, will be propagated to all Authorization Services with Attribute Finders that use corresponding profiles.
General configuration
Field | Description | Supported format |
---|---|---|
Name | The name of the Cache Configuration as it is referenced in the ASM system. This should generally be kept short and meaningful to the ASM administrator. | Any string |
Description | Free-form description of the Cache Configuration | Any string |
Time to live | How long the PDP will store the cached values. When the time expires, the cached values will be removed from the PDP's memory. | Integer data type is supported here. The value is specified in seconds. |
Max cache size | The maximum number of attribute values the cache will store per attribute mapping. | Integer data type is supported here. The value is specified in items. |
When a cache reaches its maximum capacity, the PDP and its Attribute Finders will still be able to store a new attribute value, but this will cause the least recently used (LRU) cached value to be evicted from the cache.
Create a new Cache Configuration
A new Cache Configuration can be created by clicking the Create icon in the action bar of the Cache Configuration tab. This opens an empty edit form in the Tools pane where all the information for the new cache can be filled in.
Any number of Cache Configurations can be created in the system but there will be two configurations present by default in the system:
Default - An editable but not removable configuration that has a default setting to not cache attributes. Any new attribute mapping will get this setting. This configuration can be redefined to enable caching for a large number of attributes.
No cache - A non-editable and non-removable setting that always can be used to turn off caching for attributes.
Modify a Cache Configuration
To modify a Cache Configuration:
Select the desired Cache Configuration from the list by clicking it.
The edit mode opens.
Make the desired changes in the Tools side panel.
Click Apply to submit the changes or Cancel to discard the modifications.
Delete a Cache Configuration
Delete one or more Cache Configurations by selecting the checkbox(es) to the left of the name(s) on the list and then click the Remove button in the action bar.
All Attribute Finders using the deleted profile will revert to using the default profile instead. In addition, the change will be immediately propagated to all Authorization Services.
Use a Cache Configuration for Attribute Connectors
Follow the steps below to use a Cache Configuration for an attribute mapping within an Attribute Connector:
Open the Attribute Connectors tab in the main pane.
Create an Attribute Connector.
Add the needed configuration.
As soon as an attribute mapping has been added and saved, the Cache Configuration link for this Attribute Connector will appear in the Attribute Connectors list.
Click the Cache Configuration link.
The Tools pane opens.
Select the Cache Configuration and assign it to the attribute mappings in the Attribute Connector.
Field | Description | Supported format |
---|---|---|
Category | Category of the attribute used in the attribute mapping | Standard category specified in the Attribute Dictionary |
ID | The Attribute ID | Attribute ID format |
Name | The name of the Cache Configuration | Available Cache Configurations are given in the drop-down list |