|Applies To||RSA ClearTrust 5.5|
RSA ClearTrust 5.0.1
RSA ClearTrust Authorization Server cache
|Issue||User password changes made directly to ClearTrust datastore may not immediately take effect|
|Cause||The ClearTrust Authorization Server caches data retrieved from the ClearTrust datastore. Changes to data in the ClearTrust data store will appear not to have taken effect until the Authorization Server cache is refreshed. The ClearTrust Entitlements Manager will automatically flush the Authorization Server cache each time a change is saved. The ClearTrust Management API also includes a flushCache() function, or method, that can be called when editing the data store.|
If the data store is edited "outside of ClearTrust" by direct access with LDAP or SQL tools, the change may not to take effect on the ClearTrust runtime system until the Authorization Server cache is refreshed.
|Resolution||The default time-to-live for the cache is 5 minutes, and is controlled by the aserver.conf parameter "cleartrust.aserver.cache.time_to_live." Although it is possible to lower the cache time-to-live, doing so will increase the frequency of data store lookups and may effect Authorization Server performance.|
Edits to the ClearTrust data store should only be made through the ClearTrust Entitlements Manager or the Administration API. In situations where this is not appropriate, such as a user auxiliarystore where user accounts are managed independently of ClearTrust, a delay in the propagation of updates to the Authorization Server is be expected.
|Legacy Article ID||a19140|