000012210 - Is it possible to disable the protected URL cache?

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012210
Applies ToRSA Access Manager 6.0.4
Novell eDirectory
When the protected URL cache is disabled by setting .aserver.cache.url.protection=0 Access Manager will use the default (older) mechanism to determine authorizations.  By disabling cache you not only loose the efficiency of the cache, but the algorithm for stripping the URL is not as efficient. 
IssueIs it possible to disable the protected URL cache?

Access Manager is sending a query to the datastore with the full URL and query string.  This may cause a problem with some LDAP servers if the query string is excessively long.

Search: Base DN: ou=ctscApplicationDataRepository, dc=rsasecurity, dc=com Scope: 1 Filter: (&(objectclass=ctscApplicationUrl)(ctscPolicyEnforcementPointRef=cn=303,ou=ctscApplicationDataRepository,dc=rsasecurity,dc=com)(ctscuri=/protected/test.aspx?name=user1)) Attributes Only: false


Novell eDirectory dumps core when executing extremely long search strings.
ResolutionRSA Support recommends that you do not disable the protected URL cache.  The cache size should be set to a value sufficiently large to ensure that the cache is never exceeded.  The size is the product of the number of web severs and the number of URL's. Use the cleartrust.aserver.cache.bootstrap.preload may be enabled temporarily to determine actual cache sizes.
Legacy Article IDa48326

Attachments

    Outcomes