|Applies To||RSA ClearTrust Agent 4.5 for Microsoft IIS|
Microsoft Windows 2000 Professional SP4
Microsoft Windows Server 2003
|Issue||If user property is changed in RSA ClearTrust Admin GUI, the change is not immediately reflected in the HTTP headers set up by the IIS server|
|Cause||User property values are cached in the Web server for improved performance. The RSA ClearTrust Agent on the Web server will only periodically check back to an authorization server to obtain the latest details.|
|Resolution||Parameters in the webagent.conf file dictate how often the Web agent will check back with the authorization server to pick up new property values. On IIS (RSA ClearTrust Agent 4.5), the parameter is called cleartrust.agent.user_properties_cache_ttl, and by default, this is set to 10Mins, meaning that if an ASP page displays the properties published as HTTP headers, you would not see a change until 10 minutes had passed.|
If you lower this figure (e.g. change to 1 or 2 seconds), you will see changes almost instantaneously. You should choose a value that is appropriate to the system, since lowering this value will slow down performance. Generally, ensure that the value chosen reflects how often the actual properties are expected to change.
For more information, see this If a user property is changed in the RSA ClearTrust Admin GUI it takes a period of time before the change is reflected in the HTTP headers set up by the Apache server related to this issue on Apache.
|Legacy Article ID||a20340|