000025211 - If user property is changed in RSA ClearTrust Admin GUI  the change is not immediately reflected in the HTTP headers set up by the IIS server

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000025211
Applies ToRSA ClearTrust Agent 4.5 for Microsoft IIS
Microsoft Windows 2000 Professional SP4
Microsoft Windows Server 2003
IssueIf user property is changed in RSA ClearTrust Admin GUI, the change is not immediately reflected in the HTTP headers set up by the IIS server
CauseUser property values are cached in the Web server for improved performance. The RSA ClearTrust Agent on the Web server will only periodically check back to an authorization server to obtain the latest details.
ResolutionParameters in the webagent.conf file dictate how often the Web agent will check back with the authorization server to pick up new property values. On IIS (RSA ClearTrust Agent 4.5), the parameter is called cleartrust.agent.user_properties_cache_ttl, and by default, this is set to 10Mins, meaning that if an ASP page displays the properties published as HTTP headers, you would not see a change until 10 minutes had passed.

If you lower this figure (e.g. change to 1 or 2 seconds), you will see changes almost instantaneously. You should choose a value that is appropriate to the system, since lowering this value will slow down performance. Generally, ensure that the value chosen reflects how often the actual properties are expected to change.

For more information, see this If a user property is changed in the RSA ClearTrust Admin GUI  it takes a period of time before the change is reflected in the HTTP headers set up by the Apache server related to this issue on Apache.
Legacy Article IDa20340

Attachments

    Outcomes