---
title: Notifications and the PingAM policy cache
description: Configure PingGateway to use WebSocket notifications from PingAM to evict outdated entries from the policy cache
component: pinggateway
version: 2026
page_id: pinggateway:gateway-guide:pep-evict-cache
canonical_url: https://docs.pingidentity.com/pinggateway/2026/gateway-guide/pep-evict-cache.html
revdate: 2025-04-01T17:53:34Z
---

# Notifications and the PingAM policy cache

When WebSocket notifications are enabled, PingGateway receives notifications whenever AM creates, deletes, or changes a policy.

The following procedure gives an example of how to change the configuration in [Decisions in the same domain with PingAM](pep-sso.html) and [Decisions in different domains with PingAM](pep-cdsso.html) to evict outdated entries from the policy cache. For information about WebSocket notifications, refer to [WebSocket notifications](../maintenance-guide/tuning.html#amservice-websocket).

Before you start, set up and test the example in [Decisions in the same domain with PingAM](pep-sso.html).

1. Websocket notifications are enabled by default. If they are disabled, enable them by adding the following configuration to the [AmService](../reference/AmService.html) in your route:

   ```json
   "notifications": {
     "enabled": true
   }
   ```

2. Enable policy cache in the [PolicyEnforcementFilter](../reference/PolicyEnforcementFilter.html) in your route:

   ```json
   "cache": {
     "enabled": true
   }
   ```

3. In `logback.xml` add the following logger for WebSocket notifications, and then restart PingGateway:

   ```xml
   <logger name="org.forgerock.openig.tools.notifications.ws" level="TRACE" />
   ```

   For information, refer to [Changing the log level for different object types](../maintenance-guide/logging.html#logging-level-objects).

4. Test the setup:

   1. In your browser's privacy or incognito mode, go to <https://ig.ext.com:8443/home/pep-sso>.

   2. If you see warnings that the site isn't secure, respond to the warnings to access the site.

   3. Log in to AM as user `demo`, password `Ch4ng31t`.

   4. In a separate terminal, log on to AM as admin, and change the PEP-SSO policy. For example, in the Actions tab, add an action to allow HTTP `DELETE`.

   5. Note that the PingGateway system logs are updated with Websocket notifications about the change:

      ```none
      ... | TRACE | vert.x-eventloop-thread-14 | o.f.o.t.n.w.l.DirectAmLink | @system | Received a message: ... "policy": "PEP-SSO", "policySet": "PEP-SSO", "eventType": "UPDATE" } }
      ... | TRACE | vert.x-eventloop-thread-14 | o.f.o.t.n.w.SubscriptionService | @system | Notification received, ... "policy": "PEP-SSO", "policySet": "PEP-SSO", "eventType": "UPDATE" }}
      ... | TRACE | vert.x-eventloop-thread-14 | o.f.o.t.n.w.SubscriptionService | @system | Notification sent to a [/agent/policy] listener
      ```