Caches
Session cache
When a user authenticates with AM, this cache stores information about the session. IG can reuse the information without asking AM to verify the session token (SSO token or CDSSO token) for each request.
If WebSocket notifications are enabled, the cache evicts entries based on session notifications from AM, making the cached content more accurate and reliable.
By default, session information isn’t cached. To increase performance,
consider enabling and configuring the cache. Find out more from sessionCache in
AmService.
Policy cache
When the PolicyEnforcementFilter requests and receives a policy decision from AM, it stores the decision in the policy cache.
When a request matches a cached policy decision, IG can reuse the decision without asking AM for a new decision. When caching is disabled, IG must ask AM to make a decision for each request.
|
Maximize the cache hit ratio by using RequestResourceUriProvider or ScriptableResourceUriProvider in conjunction with AM policies. The PolicyEnforcementFilter identifies cached policy decisions by the resource URL returned by these URI providers. Find more information from the resourceUriProvider property of PolicyEnforcementFilter. |
If WebSocket notifications are enabled, the cache evicts entries based on policy notifications from AM, making the cached content more accurate and reliable.
By default, policy decisions aren’t cached.
User profile cache
When the UserProfileFilter retrieves user information, it caches it. IG can reuse the cached data without repeatedly querying AM to retrieve it.
By default, profile attributes aren’t cached.
Access token cache
When a user presents an access token to the OAuth2ResourceServerFilter, the access token cache stores the token. IG can reuse the token information without asking the Authorization Server to verify the access token for each request.
By default, access tokens aren’t cached. To increase performance by caching access tokens, consider configuring a cache in one of the following ways:
-
Configure a CacheAccessTokenResolver for a cache based on Caffeine.
-
Configure the
cacheproperty of OAuth2ResourceServerFilter.
Open ID Connect user information cache
When a downstream filter or handler needs user information from an OpenID Connect provider, IG fetches it lazily. By default, IG caches the information for 10 minutes to prevent repeated calls over a short time.
Find out more from cacheExpiration in
AuthorizationCodeOAuth2ClientFilter.
Cache metrics at the Prometheus Scrape Endpoint
The Prometheus Scrape Endpoint exposes the following meters and metrics:
ig_cache_gets_total
A counter monitoring type, incremented when a cache request hits or misses an entry.
| Label | Possible values |
|---|---|
|
|
|
|
Example:
ig_cache_gets_total{content="session",...result="hit",...} 13.0
ig_cache_gets_total{content="session",...,result="miss"...} 1.0
ig_cache_gets_total{content="policy_decision",...,result="hit",...} 5.0
ig_cache_gets_total{content="policy_decision",...,result="miss",...} 2.0ig_cache_loads
This meter exposes the following metrics:
ig_cache_loads_seconds-
A timer monitoring type, measuring the time in seconds spent successfully or unsuccessfully loading entries in the cache.
Label Possible values contentsession,
policy_decision,
user_profile,
access_tokenresultsuccess,failurequantile0.5,0.75,0.95,0.98,0.99,0.999Example:
ig_cache_loads_seconds{content="session",...result="success",...quantile="0.5",} 0.057710516 ig_cache_loads_seconds{content="session",...result="success",...quantile="0.75",} 0.057710516 ig_cache_loads_seconds{content="session",...result="success",...quantile="0.95",} 0.057710516 ig_cache_loads_seconds{content="session",...result="success",...quantile="0.98",} 0.057710516 ig_cache_loads_seconds{content="session",...result="success",...quantile="0.99",} 0.057710516 ig_cache_loads_seconds{content="session",...result="success",...quantile="0.999",} 0.057710516 ig_cache_loads_seconds_total-
A timer monitoring type, measuring the cumulated time in seconds spent successfully or unsuccessfully loading entries in the cache.
Label Possible values contentsession,
policy_decision,
user_profile,
access_tokenresultsuccess,failureExample:
ig_cache_loads_seconds_total{content="session",...result="failure",...} 0.0 ig_cache_loads_seconds_total{content="session",...result="success",...} 0.057710516 ig_cache_loads_seconds_total{content="policy_decision",...,result="failure",...} 0.0 ig_cache_loads_seconds_total{content="policy_decision",...,result="success",...} 0.144314803 ig_cache_loads_count-
A counter monitoring type, incremented when a cache request is successfully or unsuccessfully loaded in the cache.
Label Possible values contentsession,
policy_decision,
user_profile,
access_tokenresultsuccess,failureExample:
ig_cache_loads_count{content="session",...result="failure",...} 0.0 ig_cache_loads_count{content="session",...result="success",...} 1.0 ig_cache_loads_count{content="policy_decision",...,result="failure",...} 0.0 ig_cache_loads_count{content="policy_decision",...,result="success",...} 2.0
ig_cache_evictions
This meter exposes the following metrics:
ig_cache_evictions_count-
A counter monitoring type, incremented when an entry is evicted from the cache.
Label Possible values contentsession,
policy_decision,
user_profile,
access_tokencauseCOLLECTED,
EXPIRED,
EXPLICIT,
REPLACED,
SIZEExample
ig_cache_evictions_count{cause="COLLECTED",content="session",...} 0.0 ig_cache_evictions_total{cause="EXPIRED",content="session",...} 0.0 ig_cache_evictions_count{cause="EXPIRED",content="session",...} 0.0 ig_cache_evictions_total{cause="EXPLICIT",content="session",...} 0.0 ig_cache_evictions_count{cause="EXPLICIT",content="session",...} 0.0 ig_cache_evictions_total{cause="REPLACED",content="session",...} 0.0 ig_cache_evictions_count{cause="REPLACED",content="session",...} 0.0 ig_cache_evictions_total{cause="SIZE",content="session",...} 0.0 ig_cache_evictions_count{cause="SIZE",content="session",...} 0.0 ig_cache_evictions_total{cause="COLLECTED",content="policy_decision",...} 0.0 ig_cache_evictions_count{cause="COLLECTED",content="policy_decision",...} 0.0 ig_cache_evictions_total{cause="EXPIRED",content="policy_decision",...} 1.0 ig_cache_evictions_count{cause="EXPIRED",content="policy_decision",...} 1.0 ig_cache_evictions_total{cause="EXPLICIT",content="policy_decision",...} 0.0 ig_cache_evictions_count{cause="EXPLICIT",content="policy_decision",...} 0.0 ig_cache_evictions_total{cause="REPLACED",content="policy_decision",...} 0.0 ig_cache_evictions_count{cause="REPLACED",content="policy_decision",...} 0.0 ig_cache_evictions_total{cause="SIZE",content="policy_decision",...} 0.0 ig_cache_evictions_count{cause="SIZE",content="policy_decision",...} 0.0 ig_cache_evictions_total-
A counter monitoring type, incremented when an entry is evicted from the cache. Each evicted entry has the weight
1, so this metric is equal toig_cache_evictions_count.Label Possible values contentsession,
policy_decision,
user_profile,
access_tokencauseCOLLECTED,
EXPIRED,
EXPLICIT,
REPLACED,
SIZEExample
ig_cache_evictions_total{cause="COLLECTED",content="session",...} 0.0 ig_cache_evictions_count{cause="COLLECTED",content="session",...} 0.0 ig_cache_evictions_total{cause="EXPIRED",content="session",...} 0.0 ig_cache_evictions_count{cause="EXPIRED",content="session",...} 0.0 ig_cache_evictions_total{cause="EXPLICIT",content="session",...} 0.0 ig_cache_evictions_count{cause="EXPLICIT",content="session",...} 0.0 ig_cache_evictions_total{cause="REPLACED",content="session",...} 0.0 ig_cache_evictions_count{cause="REPLACED",content="session",...} 0.0 ig_cache_evictions_total{cause="SIZE",content="session",...} 0.0 ig_cache_evictions_count{cause="SIZE",content="session",...} 0.0 ig_cache_evictions_total{cause="COLLECTED",content="policy_decision",...} 0.0 ig_cache_evictions_count{cause="COLLECTED",content="policy_decision",...} 0.0 ig_cache_evictions_total{cause="EXPIRED",content="policy_decision",...} 1.0 ig_cache_evictions_count{cause="EXPIRED",content="policy_decision",...} 1.0 ig_cache_evictions_total{cause="EXPLICIT",content="policy_decision",...} 0.0 ig_cache_evictions_count{cause="EXPLICIT",content="policy_decision",...} 0.0 ig_cache_evictions_total{cause="REPLACED",content="policy_decision",...} 0.0 ig_cache_evictions_count{cause="REPLACED",content="policy_decision",...} 0.0 ig_cache_evictions_total{cause="SIZE",content="policy_decision",...} 0.0 ig_cache_evictions_count{cause="SIZE",content="policy_decision",...} 0.0