Session cache eviction
When WebSocket notifications are enabled in PingGateway, PingGateway receives notifications when the following events occur:
-
A user logs out of AM
-
An AM session is modified, closed, or times out
-
An AM admin forces logout of user sessions (from AM 7.3)
The following procedure gives an example of how to change the configurations in Single sign-on (SSO) and Cross-domain single sign-on (CDSSO) to receive WebSocket notifications for session logout and to evict entries related to the session from the cache. For information about WebSocket notifications, refer to WebSocket notifications.
Before you start, set up and test the example in Single sign-on (SSO).
-
Websocket notifications are enabled by default. If they are disabled, enable them by adding the following configuration to the AmService in your route:
"notifications": { "enabled": true } -
Enable the session cache by adding the following configuration to the AmService in your route:
"sessionCache": { "enabled": true } -
In
logback.xmladd the following logger for WebSocket notifications, and then restart PingGateway:<logger name="org.forgerock.openig.tools.notifications.ws" level="TRACE" />For information, refer to Changing the log level for different object types.
-
On the AM console, log the demo user out of AM to end the AM session.
-
Note that the PingGateway system logs are updated with Websocket notifications about the logout:
... | TRACE | vert.x-eventloop-thread-4 | o.f.o.t.n.w.l.DirectAmLink | @system | Received a message: { "topic": ... "eventType": "LOGOUT" } } ... | TRACE | vert.x-eventloop-thread-4 | o.f.o.t.n.w.SubscriptionService | @system | Notification received... "eventType": "LOGOUT" }} ... | TRACE | vert.x-eventloop-thread-4 | o.f.o.t.n.w.SubscriptionService | @system | Notification sent to a [/agent/session.v2] listener