Tech Tip - CA Single Sign-On : Policy Server :: Primary and Secondary Caches

Document created by Patrick-Dussault Employee on Jun 26, 2015Last modified by kristen.palazzolo on Dec 17, 2016
Version 4Show Document
  • View in full screen mode

CA Single Sign-On Tech Tip by Patrick Dussault, Support Engineer for June the 26th 2015.


Question :


Starting the Policy Server, I always see messages concerning the

secondary cache. What is the use of the secondary cache ?


Answer :


The presence of the Primary Cache is to prevent LDAP and

ODBC reads to the Policy Store. But having only the Primary

Cache causes problem.


When a modification is made to the Policy Store data, the Policy Server

has to set a lock on the Primary Cache to load the modifications.

The lock had the effect to delay protection, authentication

and authorization processing in the Policy Server.



To overcome this problem, the Policy Server uses 2 caches : a Primary

and a Secondary. When it starts, the Policy Server initializes both

Caches and fill the Primary Cache with data got from the Policy Store.

The Secondary Cache is initialized but maintained empty until the

Primary Cache need to be updated.



When a modification occurs to the Policy Store Data such as Domain, Realm,

Policies, etc. the Policy Server makes a copy of the data from the Primary

Cache to the Secondary one, and once done, it marks the Secondary Cache as the

active one. Then the Policy Server can update the data in the Primary Cache

without harming the protection, authentication and authorization processes.



Once the Primary Cache Data are up to date, the Policy Server

marks it back as the active one.