17.1 About the Workstation Cache

The SecureLogin cache is an encrypted local copy of SecureLogin data. It allows users who are not connected to the network (or working offline using a laptop) to continue to use SecureLogin even if the directory becomes unavailable.

User data includes credentials, preferences, policies, and SecureLogin application definitions, except when you use a smart card for storing credentials. By default, a cache file is created on the workstation as part of SecureLogin installation. The cache file stores user data locally and is synchronized regularly with the user’s data in the directory. You can set the synchronization period in the Administrative Management utility. You can also disable the offline cache, forcing all SecureLogin data to be stored in the directory.

Depending on the type of installation, the cache is stored:

  • In the user's profile directory. For example:

    %APPDATA%\SecureLogin\Cache

    On Microsoft Windows Vista and later, %APPDATA% represents

    C:\Users\<Username>\Appdata\Roaming\

    On XP systems, %APPDATA% represents

    C:\Documents and Settings\<Username>\Application Data\

  • In the %ProgramFiles% directory. For example:

    C:\Program Files\NetIQ\SecureLogin\Cache
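
The following PowerShell is an added example, not part of the NetIQ documentation: it checks the two cache locations listed above and reports which accounts each folder's ACL grants access to. The function name Get-CacheAclReport and the set of broad groups it flags are assumptions made for this example.

```powershell
# Added example: audit the documented SecureLogin cache locations on this workstation.
# The two paths come from the documentation above.
$candidates = @(
    (Join-Path $env:APPDATA 'SecureLogin\Cache'),
    (Join-Path $env:ProgramFiles 'NetIQ\SecureLogin\Cache')
)

# Well-known SIDs of groups that cover many accounts.
# Treating these as "broad" is an assumed review policy, not a SecureLogin rule.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-CacheAclReport {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Container)) {
            # Location not used by this installation type: report it as absent.
            [pscustomobject]@{ Path = $p; Present = $false; Identity = $null
                               Rights = $null; Inherited = $null; Broad = $null }
            continue
        }
        foreach ($rule in (Get-Acl -LiteralPath $p).Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            try {
                # Compare by SID so localized group names still match.
                $sid = $rule.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch {
                $sid = $rule.IdentityReference.Value   # unresolvable account
            }
            [pscustomobject]@{
                Path      = $p
                Present   = $true
                Identity  = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
                Broad     = $broadSids.ContainsKey($sid)   # granted to a broad group
            }
        }
    }
}

Get-CacheAclReport -Path $candidates | Format-Table -AutoSize
```

Rows with Broad set to True deserve a closer look when the cache sits under %ProgramFiles%, because that location is not inside a single user's profile.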

Directory and workstation caches are synchronized regularly, by default every five minutes, and whenever the user logs on to or off from the workstation. When changes are made, either by the user on the workstation or by the administrator in the directory, single sign-on user data is compared and updated during synchronization. Any settings configured by the user through the Credentials Management tool on the local workstation take precedence over those made in the directory.

If you require full administrative control of a user’s SecureLogin environment, you can disable the user's access to administration tools through the settings in the Preferences Properties table. This prevents users from overriding your changes when they configure settings on the workstation.

NOTE: The SecureLogin cache refresh interval is by default five minutes. You can change the default in the Preferences Properties table.

Because SecureLogin data is stored in the directory, existing directory backups also back up SecureLogin data. In addition, the local cache synchronizes with the directory for further redundancy of data. Backing up or restoring by using the SecureLogin menu options is typically performed by users who have been disconnected from the network for long periods of time, such as weeks or months.

Using workstation backup and restore, users can securely back up their SecureLogin cache in stand-alone or directory deployments. All user data, including passwords and passphrases, is saved in a password-protected, encrypted XML file.