For higher environments, including testing and production, you can define an external attribute cache for the Trust Framework.
With the Policy Decision Service set to embedded policy decision point (PDP) mode, the PingAuthorize Server is configured by default to cache attribute values in memory (for any attributes with a defined caching strategy). Alternatively, you can define an external attribute cache using the following Redis modes:
- Single Redis instance
- Single Redis instance using TLS
- Replicated Redis
- Redis Sentinel
- Amazon Web Services (AWS) ElastiCache Redis
Setting up Redis external attribute caching in the UI
To successfully assign an external Redis attribute cache to the Policy Decision Service, you must set PDP Mode to embedded.
Setting up Redis external attribute caching with dsconfig
When using the dsconfig set-policy-decision-service-prop command, the new configuration must still be compliant with the following:
- The pdp-mode property must be set to embedded.
- The deployment-package-source-type property must be set to store or static-file.
- If the deployment-package-source-type property is set to store, the deployment-package-store property must resolve to a valid deployment package store.
- If the deployment-package-source-type property is set to static-file, the deployment-package-store property must resolve to a valid deployment package.
Here are the configuration options available for creating Redis external caches using the dsconfig tool. When using the dsconfig create-external-attribute-cache command, the new configuration must still be compliant with the required attributes associated with the specified cache type:
Option | Description |
---|---|
mode | Required. Specifies Redis mode. Accepted values: single_instance, replicated, elasticache, or sentinel. |
nodeAddresses | Required, only when mode is single_instance, replicated, or sentinel. Defines node addresses. A comma-separated list of Redis nodes. |
replicationGroupId | Required, only when mode is elasticache. Replication group ID. |
masterName | Required, only when mode is sentinel. Specifies name of the master node. |
database | Optional, only when mode is sentinel. Database index used for Redis connection. Default value is 0. |
scanInterval | Optional, only when mode is sentinel. Redis cluster scan interval in milliseconds. Default value is 1000. |
checkSentinelList | Optional, only when mode is sentinel. Enables Sentinels list check during startup. Default value is false. |
username | Optional, only when AUTH token authentication is enabled in the Redis provider. |
password | Optional, only when AUTH token authentication is enabled in the Redis provider. |
Your external attribute cache has been defined and attached to the Policy Decision Service. There is no need to restart the server.
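The per-mode requirements in the options table can be checked before the values are passed to dsconfig. The following is an added example, not part of PingAuthorize or its documentation: the `validate` function and the sample values are hypothetical, option values are assumed to be strings as typed, and numeric options are assumed to be non-negative integers.

```python
# Added example (not PingAuthorize code): preflight check of Redis external
# attribute cache options against the rules in the options table.
MODES = ("single_instance", "replicated", "elasticache", "sentinel")
SENTINEL = ("sentinel",)
# option -> modes the table ties it to (None = any mode)
APPLIES = {
    "mode": None, "username": None, "password": None,
    "nodeAddresses": ("single_instance", "replicated", "sentinel"),
    "replicationGroupId": ("elasticache",),
    "masterName": SENTINEL, "database": SENTINEL,
    "scanInterval": SENTINEL, "checkSentinelList": SENTINEL,
}
REQUIRED = ("nodeAddresses", "replicationGroupId", "masterName")


def validate(options):
    """Return a list of problems; an empty list means the set is consistent."""
    mode = options.get("mode")
    if mode not in MODES:
        return [f"mode must be one of {', '.join(MODES)}"]
    problems = []
    for name in options:
        if name not in APPLIES:
            problems.append(f"{name}: unknown option")
        elif APPLIES[name] is not None and mode not in APPLIES[name]:
            problems.append(f"{name}: not used when mode is {mode}")
    for name in REQUIRED:
        if mode in APPLIES[name] and not options.get(name, "").strip():
            problems.append(f"{name}: required when mode is {mode}")
    # A comma-separated list must not contain empty entries.
    nodes = options.get("nodeAddresses", "")
    if nodes.strip() and not all(n.strip() for n in nodes.split(",")):
        problems.append("nodeAddresses: empty entry in list")
    # Assumption: numeric options are non-negative integers.
    for name in ("database", "scanInterval"):
        if name in options and not options[name].isdigit():
            problems.append(f"{name}: expected a non-negative integer")
    if options.get("checkSentinelList", "false") not in ("true", "false"):
        problems.append("checkSentinelList: expected true or false")
    return problems


if __name__ == "__main__":
    # Constructed sample: Sentinel mode without masterName, plus an ElastiCache-only option.
    sample = {"mode": "sentinel", "nodeAddresses": "redis-a.example:26379,redis-b.example:26379",
              "replicationGroupId": "rg-1", "scanInterval": "1s"}
    for problem in validate(sample):
        print(problem)
```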