000020451 - Change of protection status for resources does not occur immediately

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000020451
Applies ToRSA ClearTrust Agent 4.0 for Sun ONE Web Server 6.0
RSA ClearTrust 5.0.1
IssueChange of protection status for resources does not occur immediately
When a resource is changed from protected status to unprotected status (or vice versa), the protection or unprotection for Web access does not take place immediately
CauseClearTrust 4.0 Agent has its own caching. Some of the cache parameters that may cause the above behavior are as follows (with default values):

        cleartrust.agent.protected_resource_cache_ttl=10 Mins
        cleartrust.agent.unprotected_resource_cache_ttl=5 Mins
        cleartrust.agent.authz_allow_cache_ttl=5 Mins
        cleartrust.agent.authz_deny_cache_ttl=10 Mins

The ClearTrust Authorization Server and Agent caches are independent, and are not related in any way. Clicking the 'Clear Cache' option on the ClearTrust admin GUI (Entitlements Manager) has no effect on the Agent caching. The Agent cache updates based on the time to live (TTL) settings as shown above.
ResolutionWhen testing entitlements through the ClearTrust Agent, disable the above mentioned Agent's caching parameters to get immediate protection or unprotection access. To disable these parameters, delete the values but keep the parameters uncommented. Lastly, restart the Web server for the changes to take effect.
WorkaroundA resource was changed from protected status to unprotected status (or vice versa)
Legacy Article IDa16885

Attachments

    Outcomes