When a policy is first evaluated, it caches information about the user.
Some data items are updated every minute.
Some are cached for the duration of the request.
Some are cached for the duration of the user’s session. When a data item is cached for the duration of a user session, the user must log out and log in for the policy modification to take effect.
Table 32-2 lists how long the data items for a condition are cached before being refreshed.
Table 32-2 Data Caching Limits
|
Condition |
Data Refresh Interval |
|---|---|
|
Authenticating IDP |
User session |
|
Authentication Contract |
User session |
|
Authentication Method |
User session |
|
Authentication Type |
User session |
|
Client IP |
Request |
|
Credential Profile |
User session |
|
Current Date |
One minute |
|
Current Day of Week |
One minute |
|
Current Day of Month |
One minute |
|
Current Time of Day |
One minute |
|
HTTP Request Method |
Request |
|
Java Data Injection Module |
User session |
|
LDAP Attribute |
User session; configurable to be cached only for the request with the Force Data Read option. |
|
LDAP Group |
User session |
|
LDAP OU |
User session |
|
Liberty User Profile |
User session |
|
Proxy Session Cookie |
User session |
|
Roles for Current User |
User session |
|
Roles from Identity Provider |
User session |
|
Shared Secret |
User session; configurable to be cached only for the request with the Force Data Read option. |
|
String Constant |
User session |
|
URL |
Request |
|
URL Scheme |
Request |
|
URL Host |
Request |
|
URL Path |
Request |
|
URL File Name |
Request |
|
URL File Extension |
Request |
|
User Store |
User session |
|
X-Forwarded-For IP |
Request |