Access Manager policy caching details

  • 3464380
  • 14-Feb-2007
  • 26-Apr-2012


Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Netware Access Gateway
Novell Access Management 3 Linux Novell Identity Server


Within policy SOAP responses to Access gateway or IDP devices, there is a TTL (time to live) field indicating how long that info is valid. For example, the identity injection response below has a TTL of -1, indicating that the data will be cached for the lifetime of the session.





Other TTL timeout values seen are:

0 = Good for this request only
60 = Good for 60 seconds
-1 = Good for the life of the session

Form Fill policies always have a ttl of -1 (because the evaluation really occurrs in the proxy)

Identity Injection policies typically have a ttl of -1.

Authorization policies have a ttl based on what is in the policy. The policy engine sends:
ttl=0 for policies with request sensitive data,
ttl=60 for policies with date/time conditions but no request sensitive
data, and
ttl=-1 for policies with no data/time conditions and no request
sensitive data

Sensitive information includes the following attributes:

Client IP
Destination IP
HTTP Request Method
Url Scheme
Url Host
Ufl Path
Url Filename
Url File Extension
X-Forwarded-For IP