Configuring Trust Framework attribute caching for production - PingAuthorize

Configuring Trust Framework attribute caching for production - PingAuthorize - 9.2

PingAuthorize

bundle

pingauthorize-92

ft:publication_title

PingAuthorize

Product_Version_ce

PingAuthorize 9.2

Setting up Redis external attribute caching in the UI

To successfully assign an external Redis attribute cache to the Policy Decision Service, you must set PDP Mode to embedded.

On the Configuration page of the PingAuthorize Administration Console, go to Authorization and Policies > External Attribute Caches.
Select your desired Redis mode from the New External Attribute Cache list.
At minimum, enter the required values, as indicated by a red asterisk, and click Save To PingAuthorize Server Cluster.

Note:
For more information on a field, click the question mark icon.
Go to Authorization and Policies > Policy Decision Service.
Select your Redis cache name from the External Attribute Cache list in the Trust Framework Attribute Cache Configuration section and click Save To PingAuthorize Server Cluster.
Note:
Alternatively, you can use the controls next to the External Attribute Cache list to create, edit, or remove external Redis caches:
- Click the Plus icon to create a new external attribute cache.
- Click the Pencil icon to edit the configuration of the selected attribute cache.
- Click X to remove the attribute cache from the Policy Decision Service and revert the PDP to an in-memory attribute cache.

Setting up Redis external attribute caching with dsconfig

When using the dsconfig set-policy-decision-service-prop command, the new configuration must still be compliant with the following:

The pdp-mode property must be set to embedded.
The deployment-package-source-type property must be set to store or static-file.
- If the deployment-package-source-type property is set to store, the deployment-package-store property must resolve to a valid deployment package store.
- If the deployment-package-source-type property is set to static-file, the deployment-package-store property must resolve to a valid deployment package.

Here are the configuration options available for creating Redis external caches using the dsconfig tool. When using the dsconfig create-external-attribute-cache command, the new configuration must still be compliant with the required attributes associated with the specified cache type:

Option	Description
mode	Required. Specifies Redis mode. Accepted values: single_instance, replicated, elasticache, or sentinel.
nodeAddresses	Required, only when mode is single_instance, replicated, or sentinel. Defines node addresses. A comma-separated list of Redis nodes.
replicationGroupId	Required, only when mode is elasticache. Replication group ID.
masterName	Required, only when mode is sentinel. Specifies name of the master node.
database	Optional, only when mode is sentinel. Database index used for Redis connection. Default value is 0.
scanInterval	Optional, only when mode is sentinel. Redis cluster scan interval in milliseconds. Default value is 1000.
checkSentinelList	Optional, only when mode is sentinel. Enables Sentinels list check during startup. Default value is false.
username	Optional, only when AUTH token authentication is enabled in the Redis provider.
password	Optional, only when AUTH token authentication is enabled in the Redis provider.

Create the external attribute cache using the dsconfig create-external-attribute-cache command. For example:

$ dsconfig create-external-attribute-cache \ 
  --cache-name 'Single Instance' \ 
  --type redis-single-instance \ 
  --set redis-node-addresses:redis://localhost:6379

Assign the defined external attribute cache to the Policy Decision Service. For example:

$ dsconfig set-policy-decision-service-prop \
  --set 'external-attribute-cache:Single Instance'

Your external attribute cache has been defined and attached to the Policy Decision Service. There is no need to restart the server.