OpenAM - Issue on caching user group attributes

Pablo Bianchino
Hi all, we are having the following issue:

We are using a custom ScopeValidator class for searching users' group attributes, for instance, the group description.
For doing this, we use the class AMIdentityRepository and the method searchIdentities, i.e.:

AMIdentityRepository ir = new AMIdentityRepository(token, realm);
IdSearchResults results = ir.searchIdentities(IdType.GROUP, crestQuery, searchConfig);

We noticed that OpenAM is not caching group attributes. As we could check in the logs, it's only getting user attributes from the cache. I mean, every time we request a token info, it always executes an LDAP search for the group attributes, but the user attributes are taken from the cache.

In this context, is there a way to cache the group attribute for the user in order to avoid unnecessary LDAP queries?

Thanks in advance,
Kind regards

Pablo Bianchino
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

Re: OpenAM - Issue on caching user group attributes

Bernhard Thalmayr
On 04/11/16 at 16:27, Pablo Bianchino wrote:

> Hi all, we are having the following issue:
>
> We are using a custom ScopeValidator class for searching users' group
> attributes, for instance, the group description.
> For doing this, we use the class AMIdentityRepository and the method
> searchIdentities, i.e.:
>
> AMIdentityRepository ir = new AMIdentityRepository(token, realm);
> IdSearchResults results = ir.searchIdentities(IdType.GROUP, crestQuery,
> searchConfig);
>
> We noticed that OpenAM is not caching group attributes. As we could
> check in the logs, it's only getting user attributes from the cache. I mean,
> every time we request a token info, it always executes an LDAP search for
> the group attributes, but the user attributes are taken from the cache.
>
> In this context, is there a way to cache the group attribute for the
> user in order to avoid unnecessary LDAP queries?

Note out-of-the box you would need to write your own IdRepoCache
implementation.

-Bernhard


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information. If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
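
An application-level approach to the question above, as an added example that is not part of the thread and not OpenAM code: a TTL-bounded cache that a custom ScopeValidator could place in front of its group lookup, so repeated token-info requests reuse the result while a changed group is read again after at most one TTL. The class GroupAttributeCache, its loader callback (standing in for the searchIdentities call) and the sample values are assumptions.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.BiFunction;
import java.util.function.LongSupplier;

public class GroupAttributeCache {
    private static final class Entry {
        final Map<String, Set<String>> attrs;
        final long expiresAt;
        Entry(Map<String, Set<String>> attrs, long expiresAt) { this.attrs = attrs; this.expiresAt = expiresAt; }
    }
    private final ConcurrentHashMap<String, Entry> entries = new ConcurrentHashMap<>();
    private final BiFunction<String, String, Map<String, Set<String>>> loader; // hypothetical directory lookup
    private final long ttlMillis;
    private final LongSupplier clock;

    public GroupAttributeCache(BiFunction<String, String, Map<String, Set<String>>> loader,
                               long ttlMillis, LongSupplier clock) {
        this.loader = loader; this.ttlMillis = ttlMillis; this.clock = clock;
    }

    // Keyed by realm and group, so one realm's entry is never served for another. compute() reloads
    // once per key when the entry is missing or expired; a loader exception propagates, nothing new is cached.
    public Map<String, Set<String>> get(String realm, String group) {
        long now = clock.getAsLong();
        return entries.compute(realm + '\u0000' + group, (k, old) ->
            old != null && now < old.expiresAt ? old : new Entry(
                Collections.unmodifiableMap(new HashMap<>(loader.apply(realm, group))), now + ttlMillis)).attrs;
    }

    // Call when a group is edited or deleted so the change takes effect before the TTL.
    public void invalidate(String realm, String group) { entries.remove(realm + '\u0000' + group); }

    public static void main(String[] args) {
        AtomicInteger searches = new AtomicInteger();
        long[] now = {0L}; // constructed clock, so the run is deterministic
        Map<String, Set<String>> attrs = // constructed sample group attributes
            Collections.singletonMap("description", Collections.singleton("Finance team"));
        GroupAttributeCache cache = new GroupAttributeCache(
            (realm, group) -> { searches.incrementAndGet(); return attrs; }, 60_000L, () -> now[0]);
        cache.get("/", "finance");
        cache.get("/", "finance");        // within TTL: served from the cache
        now[0] = 60_000L;
        cache.get("/", "finance");        // TTL elapsed: one more directory search
        cache.invalidate("/", "finance");
        cache.get("/", "finance");        // invalidated: searched again
        System.out.println("directory searches: " + searches.get());
    }
}
```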

Re: OpenAM - Issue on caching user group attributes

Pablo Bianchino
Hi! Thanks for your feedback Bernhard.
Regards

Pablo Bianchino
Identicum S.A.
Jorge Newbery 3226
Tel: +54 (11) 4552-3050

2016-11-08 11:56 GMT-03:00 Bernhard Thalmayr <[hidden email]>:
On 04/11/16 at 16:27, Pablo Bianchino wrote:
> Hi all, we are having the following issue:
>
> We are using a custom ScopeValidator class for searching users' group
> attributes, for instance, the group description.
> For doing this, we use the class AMIdentityRepository and the method
> searchIdentities, i.e.:
>
> AMIdentityRepository ir = new AMIdentityRepository(token, realm);
> IdSearchResults results = ir.searchIdentities(IdType.GROUP, crestQuery,
> searchConfig);
>
> We noticed that OpenAM is not caching group attributes. As we could
> check in the logs, it's only getting user attributes from the cache. I mean,
> every time we request a token info, it always executes an LDAP search for
> the group attributes, but the user attributes are taken from the cache.
>
> In this context, is there a way to cache the group attribute for the
> user in order to avoid unnecessary LDAP queries?

Note out-of-the box you would need to write your own IdRepoCache
implementation.

-Bernhard
