Identity injection extension called for every request going through protected resource

  • 7009777
  • 21-Nov-2011
  • 26-Apr-2012


Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 Access Gateway Service
Novell Access Manager 3.1 Support PAck 4 installed
Custom Identity Injection policy created with SDK


When a user accesses an Access Gateway (Linux Appliance or Linux/Windows Service) protected 
resource with custom Identity Injection (II) plug in created with the Access Manager SDK
running, we retrieve the parameters with every request e.g. if we need to send the users mail
LDAP attribute with the II policy, the custom policy will retrieve this for every request to this
II enabled protected resource. This is unlike the standard assertion based attributes that get
cached locally at the Embedded Service Provider when accessing the protected resource for the
first time.

The II extension fetches some data from an external DB and puts it in the
headers. When the user first accesses the site, the extension is called.
However, the extension is then called for every subsequent request. This of
course makes the system very slow.


Modify the custom policy to cache the data for a time period to enhance performance.

Additional Information

An enhancement has been created to open the interface to allow for caching.