IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2.1

Wallet caching

Each AccessAgent has a machine Wallet that caches data such as AccessProfiles, system policies, and machine policies. This machine Wallet is downloaded immediately after installation of AccessAgent.

AccessAgent can also cache the single sign-on data of the user into individual cached Wallets on each computer that the user logs on to. The cached Wallet contains the user authentication data and the application credentials from the user single sign-on Wallet.

Since system and user data are cached, AccessAgent can still authenticate users and perform single sign-on even if it is not connected to the IMS Server.

The cached Wallets are stored as encrypted files in system_drive:\Program Files\IBM\ISAM ESSO\AA\Cryptoboxes and are not accessible to non-Administrator users.
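The access restriction described above can be checked on a workstation by auditing the folder's ACL. The following PowerShell script is an added example, not IBM code: it lists every Allow entry on the Cryptoboxes folder and its contents that belongs to a principal other than SYSTEM or the local Administrators group. The default path under `$env:ProgramFiles` and the choice of those two SIDs as the expected principals are assumptions; pass `-Path` if the installation differs.

```powershell
# Added example (not IBM code): report non-Administrator access to cached Wallets.
# Assumptions: install location under $env:ProgramFiles; SYSTEM and
# BUILTIN\Administrators are the only principals expected to hold access.
param(
    [string]$Path = (Join-Path $env:ProgramFiles 'IBM\ISAM ESSO\AA\Cryptoboxes')
)

$allowedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

function Get-UnexpectedAce {
    param([string]$Target, [string[]]$AllowedSids)
    $acl = Get-Acl -LiteralPath $Target
    foreach ($ace in $acl.Access) {
        # Deny entries only restrict access further, so skip them.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sidType = [System.Security.Principal.SecurityIdentifier]
            $sid = $ace.IdentityReference.Translate($sidType).Value
        } catch {
            # Orphaned or unresolvable account: report the raw identity.
            $sid = $ace.IdentityReference.Value
        }
        if ($AllowedSids -notcontains $sid) {
            [pscustomobject]@{
                Path      = $Target
                Identity  = $ace.IdentityReference.Value
                Sid       = $sid
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Error "Cached Wallet folder not found: $Path"
    exit 2
}

# Check the folder itself and every cached Wallet file beneath it.
$targets = @($Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force |
    Select-Object -ExpandProperty FullName)
$findings = foreach ($t in $targets) { Get-UnexpectedAce -Target $t -AllowedSids $allowedSids }

if ($findings) { $findings | Format-Table -AutoSize; exit 1 }
Write-Output "No Allow entries for principals outside SYSTEM/Administrators under $Path"
```

Run it from an elevated prompt; an exit code of 1 means at least one entry needs review, and inherited entries point to the parent folder as the place to correct them.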

AccessAgent also caches single sign-on profiles, policies, the user Wallet, and generated audit logs on local storage in an encrypted form.

Both machine and user cached Wallets are periodically synchronized with the IMS Server.

When Wallet caching is useful

When a new credential is captured or an existing credential is updated, the following steps occur:
  1. AccessAgent updates the locally cached Wallet and the IMS Server immediately.
  2. If the IMS Server connection is not available, the captured credentials and audit log data are cached in the user Wallet. These data are submitted at a later time.

    When the IMS Server connection is restored, AccessAgent attempts to submit captured credentials and audit log data immediately to the IMS Server.

    By default, the periodic synchronization is set to every 30 minutes.

  3. The next time that the user logs on to the AccessAgent from another workstation, AccessAgent synchronizes with the IMS Server. The changes are then updated into the cached Wallet on that workstation.

