Strategy when AM unavailable

When AM is unavailable, immediately return HTTP 403 for every request

When AM is unavailable, immediately return HTTP 503 for every request

When AM is unavailable, match incoming requests against not-enforced rules. Grant access to matched resources. Return HTTP 403 for all other requests.

When AM is unavailable, match incoming requests against not-enforced rules. Grant access to matched resources. Return HTTP 503 for all other requests.

When AM is unavailable, match incoming requests against not-enforced rules. Resolve unmatched requests against the cache. Return HTTP 403 for requests that don’t match the cache result. Cached entries expire naturally. After the interval defined in "Policy Cache TTL" (org.forgerock.agents.policy.cache.ttl.minutes), this becomes exactly like EVAL_NER_ELSE_403.

When AM is unavailable, match incoming requests against not-enforced rules. Resolve unmatched requests against the cache. Return HTTP 503 for requests that don’t match the cache result. Cached entries expire naturally. After the interval defined in "Policy Cache TTL" (org.forgerock.agents.policy.cache.ttl.minutes), this becomes exactly like EVAL_NER_ELSE_503.

As soon as AM becomes unavailable, freeze values in the agent caches and preserve them indefinitely. Match incoming requests against not-enforced rules. Resolve unmatched requests against the frozen cache. Return HTTP 403 for requests that don’t match the cache result.

As soon as AM becomes unavailable, freeze values in the agent caches and preserve them indefinitely. Match incoming requests against not-enforced rules. Resolve unmatched requests against the frozen cache. Return HTTP 503 for requests that don’t match the cache result.