Caches

When a user authenticates with AM, this cache stores information about the session. PingGateway can reuse the information without asking AM to verify the session token (SSO token or CDSSO token) for each request.

If WebSocket notifications are enabled, the cache evicts entries based on session notifications from AM, making the cached content more accurate and reliable.

By default, session information isn’t cached. To increase performance, consider enabling and configuring the cache. Find out more from sessionCache in AmService.

When the PolicyEnforcementFilter requests and receives a policy decision from AM, it stores the decision in the policy cache.

When a request matches a cached policy decision, PingGateway can reuse the decision without asking AM for a new decision. When caching is disabled, PingGateway must ask AM to make a decision for each request.

If WebSocket notifications are enabled, the cache evicts entries based on policy notifications from AM, making the cached content more accurate and reliable.

By default, policy decisions aren’t cached.

When the UserProfileFilter retrieves user information, it caches it. PingGateway can reuse the cached data without repeatedly querying AM to retrieve it.

By default, profile attributes aren’t cached.

When a user presents an access token to the OAuth2ResourceServerFilter, the access token cache stores the token. PingGateway can reuse the token information without asking the Authorization Server to verify the access token for each request.

By default, access tokens aren’t cached. To increase performance by caching access tokens, consider configuring a cache in one of the following ways:

When a downstream filter or handler needs user information from an OpenID Connect provider, PingGateway fetches it lazily. By default, PingGateway caches the information for 10 minutes to prevent repeated calls over a short time.

Find out more from cacheExpiration in AuthorizationCodeOAuth2ClientFilter.