Polling and session timeout to the authentication directories in Policy Server

Article ID: 279966

Updated On:

Products

SITEMINDER

Issue/Introduction


When running Policy Server, how can the polling time and session timeout to the authentication directories be increased from the default of 30 seconds?

 

Resolution


By default, the Policy Server Ping Thread polls the LDAP store every 30 seconds. This interval can be changed by setting the LDAPServerCheckerInterval Policy Server key (1).

To do so, edit the /{home_policy_server}/registry/sm.registry file.

The following steps illustrate the change on a Linux Policy Server:

  Stop the Policy Server;

  # cd /{home_policy_server}/registry/
  # cp -p sm.registry sm.registry.orig
  # nano -w sm.registry

  change:

  HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug=887719863
  Console=                                    0x0;    REG_DWORD

  to

  HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug=887719863
  Console=                                    0x0;    REG_DWORD
  LDAPServerCheckerInterval=                 0x3c;    REG_DWORD

  // Note that 0x3c is hexadecimal, which represents 60 in decimal.

  Start the Policy Server;
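The edit described above, scripted as an added example (not Broadcom tooling and not part of the original article): `set_checker_interval` takes the interval in decimal seconds, keeps the first backup as `sm.registry.orig`, and writes the hexadecimal value after the `Console=` line of the Debug key; `get_checker_interval` reads it back in decimal. Both function names are hypothetical, and the file layout is assumed to match the listing above.

```shell
#!/bin/sh
# Added example, not vendor tooling. Assumes the layout in the article's listing:
# value lines "Name=   0xHEX;    REG_DWORD" under the ...\CurrentVersion\Debug key.

# Print the configured interval in decimal seconds (prints nothing if unset).
get_checker_interval() {
    awk '/^[ \t]*LDAPServerCheckerInterval=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/;.*/, ""); print; exit }' "$1" |
    while read -r hex; do printf '%d\n' "$hex"; done
}

# Set the interval (decimal seconds) after the Console= line of the Debug key.
# Run it only while the Policy Server is stopped.
set_checker_interval() {
    file=$1 secs=$2
    # This example accepts only a positive decimal integer without leading zeros.
    case $secs in
        ''|*[!0-9]*|0*) echo "interval must be a positive decimal integer" >&2; return 1 ;;
    esac
    hex=$(printf '0x%x' "$secs")                 # 60 -> 0x3c
    # Keep the first backup so repeated runs never overwrite the true original.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig" || return 1
    awk -v hex="$hex" '
        /^[ \t]*HKEY_/ { in_debug = ($0 ~ /\\CurrentVersion\\Debug=/) }
        /^[ \t]*LDAPServerCheckerInterval=/ { next }   # drop any earlier setting
        { print }
        in_debug && !done && /^[ \t]*Console=/ {
            printf "LDAPServerCheckerInterval=%21s;    REG_DWORD\n", hex; done = 1 }
        END { exit !done }' "$file" > "$file.new" || { rm -f "$file.new"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$file.new" > "$file" && rm -f "$file.new"
}

# Demo on a constructed copy of the article's listing, never the live file.
demo=$(mktemp)
printf '%s\n' \
    'HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Debug=887719863' \
    'Console=                                    0x0;    REG_DWORD' > "$demo"
set_checker_interval "$demo" 60 &&
    echo "interval now $(get_checker_interval "$demo") seconds"
rm -f "$demo" "$demo.orig"
```

The setter exits non-zero and leaves the file untouched when no `Console=` line is found under the Debug key, so a registry with a different layout is not silently modified.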

The session timeout is the time a connection can be kept open.

The Policy Server reuses its connections, so it doesn't expect a connection to be closed after a certain amount of time. It therefore expects the LDAP User Store to keep its connection permanently open, as described in this KD (2).

Note that since Policy Server 12.8SP7, there's also a new LDAP Connection Pool feature (3).

 

Additional Information