Configuring the security cache

You can configure the security cache by specifying a value for the cacheTimeout property. For an independent integration server, update the server.conf.yaml configuration file; for an integration node, use the mqsichangeproperties command.

About this task

To improve performance, the security manager uses a security cache at the integration server level. Entries are created when a message flow with a security profile performs authentication, mapping, or authorization. After the security manager completes authentication, mapping, or authorization of an identity against an external security provider or the integration server vault, the identity is stored in the cache with a status of either valid or invalid. For subsequent input messages, the cache is checked first. If a matching entry is available, it is used directly. If no entry exists, the identity is validated against the external provider or the vault, and the outcome is then added to the cache. Entries remain valid for the length of time that is specified by the cacheTimeout property of the SecurityCache component, after which they are marked as expired.
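
A simplified model of the lookup sequence described above, added here as an example; it is not IBM App Connect Enterprise code. The class, the injected clock, the constructed "alice" scenario, and the treatment of an expired entry as a miss that triggers re-validation are assumptions. It shows that a cached result, valid or invalid, stays in effect until the entry expires, even if the provider's answer has changed in the meantime.

```python
"""Simplified model of the security cache lookup described above.
Added example, not product code; all names here are hypothetical."""
from typing import Callable, Dict, List, Tuple


class SecurityCacheModel:
    def __init__(self, validate: Callable[[str], bool], cache_timeout: float,
                 clock: Callable[[], float]):
        self.validate = validate            # stand-in for the external provider or vault
        self.cache_timeout = cache_timeout  # plays the role of cacheTimeout (seconds)
        self.clock = clock                  # injected so the timeline is reproducible
        self.entries: Dict[str, Tuple[bool, float]] = {}  # identity -> (valid?, stored_at)

    def check(self, identity: str) -> Tuple[bool, str]:
        """Return (status, source); the cache is consulted before the provider."""
        now = self.clock()
        entry = self.entries.get(identity)
        if entry is not None and now - entry[1] < self.cache_timeout:
            return entry[0], "cache"        # matching entry is used directly
        # No entry, or entry expired (assumption: expired entries are re-validated).
        result = self.validate(identity)
        self.entries[identity] = (result, now)  # valid AND invalid outcomes are stored
        return result, "provider"


def simulate(cache_timeout: float) -> List[Tuple[float, bool, str]]:
    """Constructed scenario: 'alice' is revoked at the provider at t=30s."""
    now = [0.0]

    def provider(identity: str) -> bool:
        return identity == "alice" and now[0] < 30.0

    cache = SecurityCacheModel(provider, cache_timeout, clock=lambda: now[0])
    timeline = []
    for when in (0.0, 10.0, 45.0, 59.0, 61.0, 70.0):
        now[0] = when
        valid, source = cache.check("alice")
        timeline.append((when, valid, source))
    return timeline


if __name__ == "__main__":
    for timeout in (60, 20):  # the default value and a shorter setting
        print(f"cacheTimeout={timeout}")
        for when, valid, source in simulate(timeout):
            print(f"  t={when:>4}s valid={valid!s:<5} from {source}")
```

With the 60-second setting, the model still returns valid at t=45s and t=59s from the cache; with 20 seconds, the change at the provider is seen at t=45s, at the cost of more provider calls.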

Procedure

  • For an independent integration server:
    1. Open the configuration file for your integration server (server.conf.yaml) by using a YAML editor.

      You can edit the file by using the built-in YAML editor that is provided in the IBM® App Connect Enterprise Toolkit, either by double-clicking the file in the Application Development view or by right-clicking the file and selecting Open with > YAML editor. If you choose to edit the file by using a plain text editor, ensure that you do not include any tab characters (which are not valid in YAML) and use a YAML validation tool to validate the contents of your file.

      For more information about configuring an integration server, see Configuring an integration server by modifying the server.conf.yaml file.

    2. Set the security cache timeout property, cacheTimeout, in the SecurityCache section of the server.conf.yaml configuration file.
      The default value is 60 seconds.
    3. When you have modified and saved the server.conf.yaml file, restart the integration server for the changes to take effect.
      For information about how to start an integration server, see Starting an integration server.
  • For an integration node:
    1. Use the mqsichangeproperties command.
      For example, to change the value of the security cache timeout parameter, cacheTimeout, to 200 seconds, use the following command:
      mqsichangeproperties INODE -b SecurityCache -n cacheTimeout -v 200 
    2. Restart the integration node for the change to take effect.