Tuesday, February 23, 2010

Oracle Access Manager cache flush issue

I have come across an issue with Oracle Access Manager and Identity XML and thought its worth sharing. The scenario is that, when you try to modify an user attribute using Identity XML and if you access any resource where the authorization is provided based on that specific attribute value, then it returns an error “Oracle Access Manager Operation Error”.
         This means that the attribute updated in identity system (with backend as LDAP)  using Identity XML has not been communicated to the Access Server. So when the resource is accessed where the atz is given based on the attribute, the authorization will fail and hence will result with that error. If you have specified an Authorization failure URL, then user will be taken to that URL.
         The solution for this issue is to flush the access server as and when the changes happen to the  identity system and there should be automatic cache flush between identity and access system.
This is done by changing the parameter value of doAccessServerFlush from ‘false’ to ‘true’ in baseddbparams.xm. This file is located in the directory Identity_server_installation_directory/oblix/data/common.
         Also, the cache timeout param values present in the webgates and access gates has to be reduced (for instance, reduce from 1800 to 100), this has to be followed by Identity and Access servers restart.
Refer the Oracle Documentation for this .