Configuration of the GSO cache

Configuration of the GSO cache

Use the global signon (GSO) cache function to improve the performance of GSO junctions in a high load environment.
By default, the GSO cache is disabled. Without the enhancement of the cache, a call to the user registry server is required for each retrieval of GSO target information.
Stanza entries for configuring the GSO cache are in the [gso-cache] stanza of the WebSEAL configuration file. We must first enable the cache. The remaining stanza entries configure the cache size and the timeout values for cache entries. Larger lifetime and inactivity timeout values improve performance, but increase the risk of information that is exposed in the WebSEAL memory. Do not enable the GSO cache if GSO junctions are not used in the network solution.

Stanza Entries Description

gso-cache-enabled Enable and disable the GSO cache function. Values are yes or no. Default is no.

gso-cache-size Set the maximum number of entries allowed in the cache hash table. Set this value to approximate the peak number of concurrent user sessions that access an application across a GSO junction. A high value uses more memory but results in faster information access. Each cache entry consumes approximately 50 bytes.

gso-cache-entry-lifetime Maximum time (in seconds) any cache entry can remain in the cache, regardless of activity. After a cache entry expires, the next request by that same user requires a new call to the user registry server. Default value is 900 seconds.

gso-cache-entry-idle-timeout Maximum time (in seconds) an inactive cache entry that can remain in the cache. Default value is 120 seconds.

Parent topic: Single Sign-on Solutions

Stanza Entries	Description
gso-cache-enabled	Enable and disable the GSO cache function. Values are yes or no. Default is no.
gso-cache-size	Set the maximum number of entries allowed in the cache hash table. Set this value to approximate the peak number of concurrent user sessions that access an application across a GSO junction. A high value uses more memory but results in faster information access. Each cache entry consumes approximately 50 bytes.
gso-cache-entry-lifetime	Maximum time (in seconds) any cache entry can remain in the cache, regardless of activity. After a cache entry expires, the next request by that same user requires a new call to the user registry server. Default value is 900 seconds.
gso-cache-entry-idle-timeout	Maximum time (in seconds) an inactive cache entry that can remain in the cache. Default value is 120 seconds.