000021695 - Changes made to RSA ClearTrust users directly against the datastore are not reflected at the user's subsequent logins

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021695
Applies ToRSA ClearTrust 5.5
RSA ClearTrust 5.0.1
RSA ClearTrust 5.x
IssueChanges made to RSA ClearTrust users directly against the datastore are not reflected at the user's subsequent logins
CauseThis behavior is seen because the datastore itself has no way to signal a granular cache flush to the Authorization Servers
ResolutionIf immediate updates to user changes are required against previously cached users, then these changes to the user should be done through the RSA ClearTrust AdminAPI (via an AdminAPI program or the Admin GUI). Until either the Authorization Server's CacheTTL (time-to-live) expires for the user (entity cache), or an AdminAPI call is made against the user, the change will not be reflected.

If the change is required to be made directly against the datastore (for example, changing a user's attribute which represents a CT user_property), you might consider incorporating an AdminAPI IUSER.Save() call against the user being modified to signal the AServer to flush this entry from cache.
Legacy Article IDa24388

Attachments

    Outcomes