How To
Archived

How do I change the Maximum Caching Time in OpenAM 13.x?

Last updated Jan 5, 2021

The purpose of this article is to provide information on changing the Maximum Caching Time in OpenAM, which affects session caching. You can change this globally, per realm or per user as required, where realm level overrides global setting and user-level overrides both realm and global settings.


1 reader recommends this article

Archived

This article has been archived and is no longer maintained by ForgeRock.

Background information

The maximum caching time setting has evolved over time and is used as follows depending on your version:

AM 5.x and 6

AM 5 introduced changes to session handling when moving to Autonomous Session Management (the removal of session crosstalk and making the CTS token store the authoritative source for sessions rather than the AM server itself ), which means this setting is no longer used internally by AM sessions and is only used by older policy agents (Web 4.x and JEE 3.5.x). Since these policy agents are not supported in AM 6.5, this setting is obsolete. See What versions of Agents are compatible with AM? for further details.

OpenAM 13.x

The maximum caching time specifies the number of minutes that an OpenAM session is held in memory before it is refreshed. It is also used to recommend the number of minutes that the policy agents (Web 4.x and JEE 3.5.x) should cache the session for. This setting is simply a suggestion though and can be overridden in the policy agent profile.

Changing the global setting

You can configure the global maximum caching time using either the console or ssoadm:

  • OpenAM 13.5 console: navigate to: Configure > Global Services > Session > Dynamic Attributes and enter the required number of minutes for the maximum caching time.
  • OpenAM 13 console: navigate to: Configuration > Global > Session > Dynamic Attributes and enter the required number of minutes for the maximum caching time.
  • ssoadm: enter the following command: $ ./ssoadm set-attr-defs -s iPlanetAMSessionService -t dynamic -u [adminID] -f [passwordfile] -a iplanet-am-session-max-caching-time=[minutes] replacing [adminID], [passwordfile] and [minutes] with appropriate values.

Changing the realm level setting

Note

You may need to add the Session service if it is not listed under Services by clicking Add a Service or Add and then selecting Session. If you are using ssoadm, you can replace set-realm-svc-attrs in the ssoadm command with add-svc-realm to add this service and set the attributes with the same command.

You can configure the realm level maximum caching time using either the console or ssoadm:

  • Console: navigate to: Realms > [Realm Name] > Services > Session and enter the required number of minutes for the maximum caching time.
  • ssoadm: enter the following command: $ ./ssoadm set-realm-svc-attrs -s iPlanetAMSessionService -e [realmname] -u [adminID] -f [passwordfile] -a iplanet-am-session-max-caching-time=[minutes] replacing [realmname], [adminID], [passwordfile] and [minutes] with appropriate values.

Changing the user-level setting

Warning

You cannot set the maximum caching time at a user level if you use Active Directory® for your data store as the Session service attributes cannot currently be mapped to this data store.

You must select the Load Schema when saved option for your data store prior to specifying user-level settings. You can do this by navigating to Realms > [Realm Name] > Data Stores > [Data Store Name] in the console. 

Note

You may need to add the Session service if it is not listed under Services by clicking Add Service or Add and then selecting Session. If you are using ssoadm, you can replace set-identity-svc-attrs in the ssoadm command with add-svc-identity to add this service and set the attributes with the same command.

You can configure the user level maximum caching time using either the console or ssoadm:

  • Console: navigate to: Realms > [Realm Name] > Subjects > [User Name] > Services > Session and enter the required number of minutes for the maximum caching time.
  • ssoadm: enter the following command: $ ./ssoadm set-identity-svc-attrs -s iPlanetAMSessionService -e [realmname] -t User -i [username] -u [adminID] -f [passwordfile] -a iplanet-am-session-max-caching-time=[minutes] replacing [realmname], [username], [adminID], [passwordfile] and [minutes] with appropriate values.

See Also

FAQ: Caching in AM

How do I configure session timeouts in AM (All versions)?

Reference › Session

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.