Policy Server :: Trusted Host Caching


Article ID: 50138


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On



I read that a "Trusted Host Caching" feature has been implemented in R12 SP3 as:

"Improved Trusted Host Processing
The processing of trusted hosts is now faster for policy stores that contain over 1000 trusted host entries. This improved processing reduces the time it takes for a Web Agent to establish a connection with a Policy Server using a large policy store."

(Policy Server Release Notes r12.0 SP3)

Does it mean in the older versions Trusted Hosts were not cached and Policy Server was contacting the Policy Store in real time to verify the trusted host during handshake? Or was it something else?
And can we get more details on how to configure this cache and how to see its activity in logs?


No, it did not connect to the server in real time. The difference in CA SiteMinder R12 SP3 is that a new cache was added specifically for Trusted Host objects. Previously there was no dedicated cache, and the Policy Server had to search the in-memory copy of the object store.

The Policy Server updates the Trusted Host cache only when Trusted Host data changes. Because the cache update is not driven by a timer, the update frequency is not configurable.

The Trusted Host Cache size is not configurable: there is no default allocation, and the Policy Server allocates whatever the entries require.

Trusted Host Cache activity is visible only in the Policy Server Profiler traces. Because the cache is in constant use, its activity is not logged anywhere else.

To see Trusted Host Cache activity, enable the Server component along with the following subcomponents:

- Policy_Object
- Administration

The minimum set of fields required to see Trusted Host Cache activity is:

- SrcFile
- Message
- Function
- ObjectClass
- ObjectOID

The following log extract shows Trusted Host activity in which a Trusted Host named "man3" is deleted:

[SmObjProvider.cpp:900][Fetching 'TrustedHost' object with oid][2300][2320][01/24/2011][17:15:08][CSmObjProvider::Fetch][][][TrustedHost][24-7c307fe4-820a-4dee-b57b-931441da7bb3][][][][][][][]
[SmObjCache.cpp:642][Unlock an object from the object cache.][2300][2320][01/24/2011][17:15:08][CSmObjCache::Unlock][][][][24-7c307fe4-820a-4dee-b57b-931441da7bb3][][][][][][][]

[SmObjCache.cpp:642][Unlock an object from the object cache.][2300][984][01/24/2011][17:15:09][CSmObjCache::Unlock][][][][24-7c307fe4-820a-4dee-b57b-931441da7bb3][][][][][][][]

[SmObjCache.cpp:642][Unlock an object from the object cache.][2300][984][01/24/2011][17:15:09][CSmObjCache::Unlock][][][][24-7c307fe4-820a-4dee-b57b-931441da7bb3][][][][][][][]

[SmObjCache.cpp:642][Unlock an object from the object cache.][2300][2176][01/24/2011][17:15:33][CSmObjCache::Unlock][][][][24-7c307fe4-820a-4dee-b57b-931441da7bb3][][][][][][][]

[SmAdmObject.cpp:695][szGetProps iteration 1 : ([email protected] -Name."man3" Desc."Automatically generated TrustedHost object" IpAddr."" -Secret."fFMBJ9N1A+/zemINwAk1y6v1cFpd5i61OcdustQPCgfYo2JTNYOTQnXd+PS/OGGLmN9kwzdoB8f4zFYLLMINEMZAoi4mEo9WThsdcj+fhSzD12IbcYIdAqZYPQ3PRg8t" Is4xHost."0" RolloverEnabled."0" SecretGenTime."00000000-00000000-000000000000000000000000000000000000000000000000" SecretUsedTime."00000000-00000000-000000000000000000000000000000000000000000000000" -PrevSecret."")][2300][2176][01/24/2011][17:15:33][CSmAdmObject::GetNextCollectionProps][][][][][][][][][][][]

[SmObjCache.cpp:642][Unlock an object from the object cache.][2300][2176][01/24/2011][17:15:39][CSmObjCache::Unlock][][][][24-7c307fe4-820a-4dee-b57b-931441da7bb3][][][][][][][]

[SmObjProvider.cpp:1075][Deleting 'TrustedHost' object][2300][2176][01/24/2011][17:15:39][CSmObjProvider::Delete][][][TrustedHost][24-7c307fe4-820a-4dee-b57b-931441da7bb3][][][][][][][]

Worker threads do not get stuck during a Trusted Host Cache update: they keep running, handling Agent connections as High Priority messages.
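
An added example (not part of the original article and not CA tooling): a small Python parser for trace lines laid out like the extract above. It lists the records whose ObjectClass is TrustedHost and masks the Secret and PrevSecret property values that the GetNextCollectionProps record writes into the trace. The field positions, sample lines, OID and secret value are constructed assumptions modeled on that extract.

```python
import re

# Field positions as seen in the extract above (assumption: a different
# profiler field selection changes this layout).
FIELDS = {"SrcFile": 0, "Message": 1, "Date": 4, "Time": 5,
          "Function": 6, "ObjectClass": 9, "ObjectOID": 10}

# Matches the values of -Secret."..." and -PrevSecret."..." (not SecretGenTime).
SECRET_RE = re.compile(r'(Secret\.")[^"]*(")')

def parse_line(line):
    """Split one bracket-delimited trace line into the named fields."""
    line = line.strip()
    if not (line.startswith("[") and line.endswith("]")):
        return None
    parts = line[1:-1].split("][")  # empty fields "[]" become ""
    if len(parts) <= max(FIELDS.values()):
        return None
    return {name: parts[idx] for name, idx in FIELDS.items()}

def redact(line):
    """Mask secret property values before a trace file is shared."""
    return SECRET_RE.sub(r"\1<redacted>\2", line)

def trusted_host_events(lines):
    """Return (date, time, function, oid) for records with ObjectClass TrustedHost."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["ObjectClass"] == "TrustedHost":
            events.append((rec["Date"], rec["Time"], rec["Function"], rec["ObjectOID"]))
    return events

OID = "24-00000000-0000-0000-0000-000000000001"  # constructed, not a real object
SAMPLE = [  # constructed lines in the same layout as the extract above
    "[SmObjProvider.cpp:900][Fetching 'TrustedHost' object with oid][2300][2320][01/24/2011][17:15:08][CSmObjProvider::Fetch][][][TrustedHost][" + OID + "][][][][][][][]",
    "[SmObjCache.cpp:642][Unlock an object from the object cache.][2300][2320][01/24/2011][17:15:08][CSmObjCache::Unlock][][][][" + OID + "][][][][][][][]",
    '[SmAdmObject.cpp:695][szGetProps iteration 1 : (-Name."host1" -Secret."CONSTRUCTED-SECRET" RolloverEnabled."0" -PrevSecret."")][2300][2176][01/24/2011][17:15:33][CSmAdmObject::GetNextCollectionProps][][][][][][][][][][][]',
    "[SmObjProvider.cpp:1075][Deleting 'TrustedHost' object][2300][2176][01/24/2011][17:15:39][CSmObjProvider::Delete][][][TrustedHost][" + OID + "][][][][][][][]",
]

if __name__ == "__main__":
    for event in trusted_host_events(SAMPLE):
        print(*event)
    print(redact(SAMPLE[2]))
```

Running `redact` over a trace before attaching it to a support case keeps the logged Secret value out of the copy that leaves the Policy Server.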


Component: SMPLC