Notifications and the policy cache
When WebSocket notifications are enabled, PingGateway receives notifications whenever AM creates, deletes, or changes a policy.
The following procedure gives an example of how to change the configuration in Decisions in the same domain and Decisions in different domains to evict outdated entries from the policy cache. For information about WebSocket notifications, refer to WebSocket notifications.
Before you start, set up and test the example in Decisions in the same domain.
- WebSocket notifications are enabled by default. If they are disabled, enable them by adding the following configuration to the AmService in your route:
  "notifications": { "enabled": true }
- Enable the policy cache in the PolicyEnforcementFilter in your route:
  "cache": { "enabled": true }
- In logback.xml, add the following logger for WebSocket notifications, and then restart PingGateway:
  <logger name="org.forgerock.openig.tools.notifications.ws" level="TRACE" />
  For information, refer to Changing the log level for different object types.
- Test the setup:
  - In your browser’s privacy or incognito mode, go to https://ig.ext.com:8443/home/pep-sso.
  - If you see warnings that the site isn’t secure, respond to the warnings to access the site.
  - Log in to AM as user demo, password Ch4ng31t.
  - In a separate terminal, log on to AM as admin, and change the PEP-SSO policy. For example, in the Actions tab, add an action to allow HTTP DELETE.
  - Note that the PingGateway system logs are updated with WebSocket notifications about the change:
    ... | TRACE | vert.x-eventloop-thread-14 | o.f.o.t.n.w.l.DirectAmLink | @system | Received a message: ... "policy": "PEP-SSO", "policySet": "PEP-SSO", "eventType": "UPDATE" } }
    ... | TRACE | vert.x-eventloop-thread-14 | o.f.o.t.n.w.SubscriptionService | @system | Notification received, ... "policy": "PEP-SSO", "policySet": "PEP-SSO", "eventType": "UPDATE" }}
    ... | TRACE | vert.x-eventloop-thread-14 | o.f.o.t.n.w.SubscriptionService | @system | Notification sent to a [/agent/policy] listener
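The last test step can be checked mechanically. The following Python script is an added example, not part of the PingGateway documentation: it reads TRACE lines in the layout shown above and reports, for each policy notification, whether the `[/agent/policy]` dispatch line followed it. The timestamps, the `EXAMPLE-POLICY` name, the unrelated INFO line, and the function names are constructed for illustration.

```python
import re

# Layout seen in the log excerpt above (first field elided on the page):
# timestamp | level | thread | logger | context | message
PAIR = re.compile(r'"(policy|policySet|eventType)":\s*"([^"]*)"')
DISPATCHED = "Notification sent to a [/agent/policy] listener"

# Constructed sample lines; timestamps and EXAMPLE-POLICY are made up.
SAMPLE_LOG = [
    '2024-01-01T10:00:00 | TRACE | vert.x-eventloop-thread-14 | o.f.o.t.n.w.l.DirectAmLink | @system | Received a message: ... "policy": "PEP-SSO", "policySet": "PEP-SSO", "eventType": "UPDATE" } }',
    '2024-01-01T10:00:00 | TRACE | vert.x-eventloop-thread-14 | o.f.o.t.n.w.SubscriptionService | @system | Notification received, ... "policy": "PEP-SSO", "policySet": "PEP-SSO", "eventType": "UPDATE" }}',
    '2024-01-01T10:00:00 | TRACE | vert.x-eventloop-thread-14 | o.f.o.t.n.w.SubscriptionService | @system | Notification sent to a [/agent/policy] listener',
    '2024-01-01T10:05:00 | TRACE | vert.x-eventloop-thread-14 | o.f.o.t.n.w.SubscriptionService | @system | Notification received, ... "policy": "EXAMPLE-POLICY", "policySet": "PEP-SSO", "eventType": "UPDATE" }}',
    '2024-01-01T10:05:01 | INFO | main | o.f.o.example.Unrelated | @system | unrelated line',
]


def parse_line(line):
    """Return (logger, message) for a TRACE line in the pipe layout, else None."""
    parts = line.rstrip("\n").split(" | ", 5)
    if len(parts) != 6 or parts[1].strip() != "TRACE":
        return None
    return parts[3].strip(), parts[5]


def audit_policy_notifications(lines):
    """One record per policy notification, flagged if a dispatch line followed it."""
    events, pending = [], None
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or not parsed[0].endswith("SubscriptionService"):
            continue  # DirectAmLink logs the same message; count it once
        message = parsed[1]
        if message.startswith("Notification received"):
            fields = dict(PAIR.findall(message))
            if "policy" in fields:
                pending = {**fields, "dispatched": False}
                events.append(pending)
        elif DISPATCHED in message and pending is not None:
            pending["dispatched"] = True
            pending = None
    return events


def undelivered(events):
    """Policies whose change was received but never handed to a listener."""
    return [e["policy"] for e in events if not e["dispatched"]]


if __name__ == "__main__":
    for event in audit_policy_notifications(SAMPLE_LOG):
        print(event)
```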