SiteMinder Attribute Mapping Performance Impact
search cancel

SiteMinder Attribute Mapping Performance Impact


Article ID: 212379


Updated On:





When running a Policy Server, on a given User Directory, when
configured attributes mapping as :


One might like to know if Policy Server calculates each time when
these are requested ? Or are they only calculated when used in
Response or SAML assertion ?




At first glance, an attribute value is calculated and retrieved from
the LDAP Server once a request needs it. This will happen to identify
the user and to verify the user credentials. And on a Response, it
will be also calculated. Note that on Response, you can cache the
value to avoid the Policy Server to calculate it again for an interval
of time (1)(2).

So for Response, you can configure if the attribute found will be
cached or re-calculate depending a given time in seconds (3).


Additional Information


    Use Authentication Guidelines to Estimate Directory Searches

      (Required) Two searches to authenticate each user:

 - One search/query, per store, to identify the user
 - One search/query to verify the user credentials

      (Optional) Additional searches may be required depending on how you
      design policies and if you decide to enable Password Services:

 - One search/query for each policy that is bound to a response
   that returns user attributes.


    SM_USERGROUPS and webagents


    Attribute Caching

    For SAML Assertion, attributes are cached in the Session Store :

    Supply SAML Attributes as HTTP Headers

      If the authentication scheme redirect mode parameter is set to
      PersistAttributes, the Policy Server caches the attributes in the
      session store as session variables.

      The Policy Server retrieves the attributes by a configured response.