Hi Guys,
We are facing an issue which is related to the SiteMinder response headers and its Cache. The following is the scenario:
1. User login into the application and lands in a page where he needs to enter few details and submit to the ODBC database, when he logins/authorizes a SM response header is triggered which contains an empty value say it is "lastname" because ODBC database does not contain the lastname value say for this case, so once he lands on a page user updates his lastname and submits to the database and the application redirects back the user to the same page again.
2. So when he lands on same page again, he should be displayed with the "lastname" (guess readable/editable option is available on page) but it is not happening . I am guessing the following reasons:
- as SM maintains the user authorization cache, once the response triggered it makes entry in the cache on policy server side for a particular session.
- once the user is back to same page after updating the lastname, the response will not get triggered within this small interval because the cache has the same response and it is using its cache entries, instead of fetching the updated results from the ODBC database.
- the webagent response has the option "cache" and "recalculate the interval"
- for obvious reason of performance we have selected "Cache" option.
- if we select the "recalculate the interval" say 2 seconds, webagent polls policy server and policy server calls to the ODBC database for every 2 seconds which would degrade the performance, might not be very large for a single response but still it has a impact which we dont want to use this feature.
- 25% of the random entries (from random articles i came to know, i was thinking it would be FIFO) of cache is flushed when it reaches the "cachemaxtimeout" value in the sm.registry, so this issue might resolve when the traffic is very high, but while testing with single user we are seeing this issue.
So we have two options as workaround:
1. First update the lastname submit to the database, and display "lastname" on the different page where it has different response name but the same parameters configured, so that siteminder can see this as new response and fetch the data from the database.
2. use the "Recalculate the interval" option giving 2 seconds.
Unfortunately neither of the above don't work for the follwoing reason
point 1 - the application team says it is a very big change, for point 2 - there would be impact on SiteMinder performance.
So, any minds who can help with the third option to solve this?
Thanks,
Ravi