Access Manager policy caching details

  • 3464380
  • 14-Feb-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Access Gateway
Novell Access Management 3 Netware Access Gateway
Novell Access Management 3 Linux Novell Identity Server

Situation

Within the policy SOAP responses sent to Access Gateway or Identity Server (IDP) devices, there is a TTL (time to live) field indicating how long the returned policy result may be cached and reused. For example, the Identity Injection response below has a TTL of -1, indicating that the data is cached for the lifetime of the user's session.

[SOAP policy response fragment; only the following attribute values survived extraction]

xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  Enum="2710">
    Enum="2720">
      Value="X-Mail%3A+ncashell%40novell.com"/>

Other TTL timeout values seen are:

0 = Good for this request only
60 = Good for 60 seconds
-1 = Good for the life of the session

Form Fill policies always have a TTL of -1 (because the evaluation really occurs in the proxy).

Identity Injection policies typically have a TTL of -1.

Authorization policies have a TTL that depends on the conditions in the policy. The policy engine sends:
ttl=0 for policies with request-sensitive data,
ttl=60 for policies with date/time conditions but no request-sensitive data, and
ttl=-1 for policies with neither date/time conditions nor request-sensitive data.


Request-sensitive data includes the following condition attributes (a result that depends on any of them is valid only for the request that produced it):

Client IP
Destination IP
HTTP Request Method
Url
Url Scheme
Url Host
Url Path
Url Filename
Url File Extension
X-Forwarded-For IP
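
The following Python model is an added example, not code from the TID or from Novell Access Manager. It shows the TTL selection rule above (request-sensitive -> 0, date/time only -> 60, otherwise -1) together with a per-session cache that honours the three TTL meanings, so that a result depending on Url Path is never reused across requests while an Identity Injection value lives as long as the session. The date/time attribute names, policy identifiers and the cache API are assumptions for illustration; the request-sensitive attribute list is the one given in the article.

```python
"""Added example (not Novell code): policy-result TTL selection and a
session-scoped cache that honours ttl=0 / ttl=60 / ttl=-1 as the TID describes."""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Tuple

# Condition attributes the article lists as "request sensitive".
REQUEST_SENSITIVE = frozenset({
    "Client IP", "Destination IP", "HTTP Request Method", "Url", "Url Scheme",
    "Url Host", "Url Path", "Url Filename", "Url File Extension",
    "X-Forwarded-For IP",
})
# Assumed names for the date/time conditions (not taken from the article).
DATE_TIME = frozenset({"Current Date", "Current Time", "Day of Week"})

TTL_REQUEST_ONLY = 0   # good for this request only
TTL_DATE_TIME = 60     # good for 60 seconds
TTL_SESSION = -1       # good for the life of the session


def policy_ttl(condition_attributes: Iterable[str]) -> int:
    """Apply the article's rule: any request-sensitive attribute wins (0),
    then date/time conditions (60), otherwise the result is session-stable (-1)."""
    attrs = set(condition_attributes)
    if attrs & REQUEST_SENSITIVE:
        return TTL_REQUEST_ONLY
    if attrs & DATE_TIME:
        return TTL_DATE_TIME
    return TTL_SESSION


@dataclass
class PolicyCache:
    """Cache of policy results keyed by (session_id, policy_id).
    Each entry stores (result, ttl, time_stored)."""
    entries: Dict[Tuple[str, str], Tuple[object, int, float]] = field(default_factory=dict)

    def store(self, session_id: str, policy_id: str, result: object, ttl: int, now: float) -> None:
        if ttl == TTL_REQUEST_ONLY:
            return  # must be re-evaluated on every request; never cached
        self.entries[(session_id, policy_id)] = (result, ttl, now)

    def lookup(self, session_id: str, policy_id: str, now: float) -> Optional[object]:
        entry = self.entries.get((session_id, policy_id))
        if entry is None:
            return None
        result, ttl, stored_at = entry
        # ttl=-1 never expires by time; any other ttl is a lifetime in seconds.
        if ttl != TTL_SESSION and now - stored_at >= ttl:
            del self.entries[(session_id, policy_id)]
            return None
        return result

    def end_session(self, session_id: str) -> None:
        """Drop every entry for the session, including ttl=-1 results."""
        for key in [k for k in self.entries if k[0] == session_id]:
            del self.entries[key]


def demo() -> dict:
    """Walk the three cases with constructed policies and return what the cache serves."""
    cache = PolicyCache()
    # Identity Injection with no conditions: -1, cached for the whole session.
    ttl_ii = policy_ttl([])
    cache.store("s1", "inject-mail", "X-Mail: ncashell@novell.com", ttl_ii, now=0.0)
    # Authorization with only a time-of-day condition: 60 seconds.
    ttl_tw = policy_ttl(["Current Time"])
    cache.store("s1", "office-hours", "Permit", ttl_tw, now=0.0)
    # Authorization on Url Path (even alongside a time condition): 0, never cached.
    ttl_url = policy_ttl(["Url Path", "Current Time"])
    cache.store("s1", "path-acl", "Permit", ttl_url, now=0.0)
    return {
        "ttls": (ttl_ii, ttl_tw, ttl_url),
        "inject_at_3600": cache.lookup("s1", "inject-mail", now=3600.0),
        "office_at_30": cache.lookup("s1", "office-hours", now=30.0),
        "office_at_60": cache.lookup("s1", "office-hours", now=60.0),
        "path_at_0": cache.lookup("s1", "path-acl", now=0.0),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The ordering in policy_ttl matters: a policy that mixes a date/time condition with a URL condition gets ttl=0, not 60, because the URL makes the whole result request-specific. A cached ttl=-1 result is only invalidated when the session ends, which is why the cache exposes end_session.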