PingGateway 2024.9

Caches

Learn about Cache metrics in Metrics at the Prometheus Scrape Endpoint.

Session cache

When a user authenticates with AM, this cache stores information about the session. PingGateway can reuse the information without asking AM to verify the session token (SSO token or CDSSO token) for each request.

If WebSocket notifications are enabled, the cache evicts entries based on session notifications from AM, making the cached content more accurate and reliable.

By default, session information isn’t cached. To increase performance, consider enabling and configuring the cache. Find out more from sessionCache in AmService.

Policy cache

When the PolicyEnforcementFilter requests and receives a policy decision from AM, it stores the decision in the policy cache.

When a request matches a cached policy decision, PingGateway can reuse the decision without asking AM for a new decision. When caching is disabled, PingGateway must ask AM to make a decision for each request.

Maximize the cache hit ratio by using RequestResourceUriProvider or ScriptableResourceUriProvider in conjunction with AM policies. The PolicyEnforcementFilter identifies cached policy decisions by the resource URL returned by these URI providers.

Find more information from the resourceUriProvider property of PolicyEnforcementFilter.

If WebSocket notifications are enabled, the cache evicts entries based on policy notifications from AM, making the cached content more accurate and reliable.

By default, policy decisions aren’t cached.

User profile cache

When the UserProfileFilter retrieves user information, it caches it. PingGateway can reuse the cached data without repeatedly querying AM to retrieve it.

By default, profile attributes aren’t cached.

Access token cache

When a user presents an access token to the OAuth2ResourceServerFilter, the access token cache stores the token. PingGateway can reuse the token information without asking the Authorization Server to verify the access token for each request.

By default, access tokens aren’t cached. To increase performance by caching access tokens, consider configuring a cache in one of the following ways:

Open ID Connect user information cache

When a downstream filter or handler needs user information from an OpenID Connect provider, PingGateway fetches it lazily. By default, PingGateway caches the information for 10 minutes to prevent repeated calls over a short time.

Find out more from cacheExpiration in AuthorizationCodeOAuth2ClientFilter.

Copyright © 2010-2024 ForgeRock, all rights reserved.