Description
The last successful connection date shown in the SSOwatch window has not been updated in a long time. The last connection shown on the engine is only the last successful connection for that user (the time when the user launched the engine). If the engine is refreshed, or the services or the workstation are restarted, it then takes up to 24 hours for that date to be displayed.
Cause
The "Last Connection" time displayed shows when the user launched the SSO Engine and was prompted for his credentials.
Resolution
Information about the cache data refresh and the cache delay on User Access / Enterprise SSO
Cache directory
The cache is stored in the directory given by the following registry value:
HKLM\Software\Enatel\WiseGuard\Framework\Cache\CacheDir
Cache creation
The cache is created on the workstation when the user authenticates.
It is split into cache files by user and by workstation (access point).
Cached data
The user cached data are:
- The technical definition of the applications used by the user: application objects, the windows, the access, PFCP, the application profile
- The user accounts
- The user profile
The access point cached data are:
- The installation mode
- The user target base
- The authentication type
- The authentication method
Cache period validity
The cache validity data are defined in the user profile, in the session folder.
The validity is provided in days.
These data indicate one cache validity period; they are renewed at each user authentication.
Data refresh
All user data are tied to a validity period set in the following registry value:
HKLM\Software\Enatel\WiseGuard\Framework\Cache\PerformanceCacheDelay (DW) value in seconds
User configuration
If it is not available in the cache, the user configuration data (application definition, windows, PFCP) is refreshed (updated) at engine startup. Otherwise, to force this refresh, the end user can restart the engine from his workstation.
User profile
The data linked to the user profile are refreshed when the cache data expire.
User account
The user account data are refreshed:
- At the SSO Engine start. This refresh can be disabled with the registry value:
HKLM\Software\Enatel\WiseGuard\Framework\Authentication\CacheSynchroWithAuth (DW) value different from 0.
- On internal request: the SSO Engine checks the validity of the cached data and, depending on the result, reads from the cache or from the LDAP directory.
Cache delay
How to reduce the cache delay?
You can reduce the delay with the following value:
HKLM\Software\Enatel\WiseGuard\Framework\Cache\PerformanceCacheDelay (DW)
But this configuration will be overwritten by the group policy SGSS->Network cache: PerformanceCacheDelay.
In that case, how is the delay managed when the group policy changes, and how is the information propagated?
The information is propagated by Microsoft, and the delay depends on the server topology (replication time between servers).
Cache expiration
There is no advance warning (e.g. some days beforehand) that the cache will expire.
Cache update in a VPN network
The only way to refresh the data after the VPN connection has been established is to stop and start the SSOENGINE.
Pooled cache
The ServerCache value (REG_SZ) located under HKLM\SOFTWARE\Enatel\WiseGuard\Framework\Cache registry key can contain the directory name (UNC "Universal Naming Convention" name) where the user cache is copied.
This value makes it possible to have a user cache copy on a network drive, in addition to the local cache in order to allow a cache synchronization at user session start.
It is useful when the directory is not reachable but the network path is. In this case, the user caches present on the different machines can be synchronized (the cache present on the server is copied to the workstation at session opening).
Each user has his own cache file; its name contains the user GUID.
At session opening, the cache file is copied from the server to the local machine. It is copied in the opposite direction at session closure. The same applies if the user has sessions open on several stations. The last closed session will overwrite the cache file present on the server; this does not cause any problem, as normally the same information is present in the cache file.
This information is included in the "User Access Console Administrator's guide" (ref. 39 A2 27LY in evolution 6, 39 A2 62LX in evolution 5).
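To see which of these settings are in effect on a workstation, the following read-only PowerShell script (an added example, not from the vendor's documentation) reads the registry values named in this article and lists the local cache files with their last write times. It assumes the values are at the paths exactly as written here; the group policy override of PerformanceCacheDelay is not checked.

```powershell
# Added example: read-only report of the cache settings named in this article.
# Assumption: the values live at the registry paths exactly as written here.
$base = 'HKLM:\Software\Enatel\WiseGuard\Framework'

function Get-SsoValue {
    param([string]$SubKey, [string]$Name)
    $item = Get-ItemProperty -Path "$base\$SubKey" -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$cacheDir    = Get-SsoValue 'Cache' 'CacheDir'
$delay       = Get-SsoValue 'Cache' 'PerformanceCacheDelay'
$serverCache = Get-SsoValue 'Cache' 'ServerCache'
$syncAuth    = Get-SsoValue 'Authentication' 'CacheSynchroWithAuth'

# PerformanceCacheDelay is a DWORD in seconds; show it in readable form too.
$delayText = if ($null -ne $delay) {
    '{0} s ({1})' -f $delay, [TimeSpan]::FromSeconds($delay)
} else { 'not set' }

# A CacheSynchroWithAuth value different from 0 disables the account refresh at engine start.
$startRefresh = if ($null -eq $syncAuth) { 'value not set' } elseif ($syncAuth -ne 0) {
    'disabled'
} else { 'enabled' }

# ServerCache (pooled cache) is optional; when set, check that the UNC path is reachable.
$serverText = if ([string]::IsNullOrEmpty($serverCache)) { 'not set' } elseif (
    Test-Path -LiteralPath $serverCache) { "$serverCache (reachable)" } else {
    "$serverCache (NOT reachable)"
}

[pscustomobject]@{
    CacheDir                    = $cacheDir
    PerformanceCacheDelay       = $delayText
    AccountRefreshAtEngineStart = $startRefresh
    ServerCache                 = $serverText
} | Format-List

# Cache files are per user and per access point; old write times point to a stale cache.
if ($cacheDir -and (Test-Path -LiteralPath $cacheDir)) {
    Get-ChildItem -LiteralPath $cacheDir -File |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, Length, LastWriteTime |
        Format-Table -AutoSize
} else {
    Write-Warning "Cache directory not found: $cacheDir"
}
```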