Database update and polling concepts

The Security Verify Access policy server (pdmgrd) manages the master authorization policy database and maintains location information about other Security Verify Access servers in the secure domain. A Security Verify Access administrator can make security policy changes to the secure domain at any time. The policy server makes the necessary adjustments to the master authorization database whenever security policy changes are implemented.

When the policy server makes a change to the master authorization database, it can send out notification of this change to all replica databases in the secure domain that support individual policy enforcers (such as WebSEAL). The policy enforcers must then request an actual database update from the master authorization database.

WebSEAL, as a resource manager and policy enforcer, has three options to obtain information about authorization database changes:

  • Listen for update notifications from the policy server (configurable and enabled by default).
  • Check (poll) the master authorization database at regular intervals (configurable and disabled by default).
  • Enable both listening and polling.

The [aznapi-configuration] stanza of the WebSEAL configuration file contains stanza entries for configuring update notification listening and database polling.
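The following is an added example, not part of the original page or of IBM's code: a small audit that reads the [aznapi-configuration] stanza and reports which of the three options is in effect, flagging the case where neither listening nor polling is active and the replica would keep enforcing stale policy. The entry names `listen-flags` and `cache-refresh-interval` and their `enable`/`disable` values are not given on this page and are assumed here from the WebSEAL stanza reference; the sample configuration is constructed.

```python
# Added example: classify how a WebSEAL instance learns of policy database changes.
# Assumed entry names (not stated on this page): listen-flags, cache-refresh-interval.

SAMPLE_CONF = """\
# constructed sample, not a real WebSEAL configuration file
[server]
https-port = 443

[aznapi-configuration]
listen-flags = disable
cache-refresh-interval = disable
"""

def read_stanza(text, stanza):
    """Return the key/value entries of one [stanza] from stanza-style config text."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == stanza and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def update_mode(text):
    """Classify the update mechanism as 'listen', 'poll', 'both' or 'none'."""
    conf = read_stanza(text, "aznapi-configuration")
    # Defaults follow the page: listening enabled, polling disabled.
    listening = conf.get("listen-flags", "enable").lower() == "enable"
    polling = conf.get("cache-refresh-interval", "disable").lower() != "disable"
    if listening and polling:
        return "both"
    if listening:
        return "listen"
    if polling:
        return "poll"
    return "none"

if __name__ == "__main__":
    mode = update_mode(SAMPLE_CONF)
    print("update mode:", mode)
    if mode == "none":
        print("WARNING: no mechanism configured to pick up policy changes")
```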