How to Pre-Fetch User Attributes Used in Responses Or Attribute Conditions ?
(Doc ID 1510124.1)
Last updated on FEBRUARY 28, 2019
Applies to:Oracle Access Manager - Version 184.108.40.206.0 to 220.127.116.11.0 [Release 11g]
Information in this document applies to any platform.
This note describes how to configure Oracle Access Manager ( OAM ) to pre-fetch LDAP user attributes.
Authentication and Authorization Responses in OAM could be defined based on user attributes.
Further OAM 11.1.2 provides the option to configure attribute conditions in authorization policies.
The OAM server executes additional ldapsearch operations to get the attribute values from the LDAP server.
Attribute conditions and responses could be configured in different authentication or authorization policies.
For this reason the OAM server performs multiple ldapsearch operations dependent from the number of different attributes configured in responses or attribute conditions.
If the OAM server executes a response or attribute condition and the LDAP attribute is not found in the cache, a ldapsearch is executed.
The user attributes are cached for reuse.
If the OAM server generates a response or executes an attribute condition and the LDAP attribute is not found in the cache, an additional ldapsearch is executed.
Pre-fetching LDAP attributes during the authentication provides the following performance gains:
1. All attributes configured for responses or attribute conditions are collected during authentication and stored in the cache.
The OAM server has not to execute additional ldapsearch operations during policy processing.
2. OAM could execute one ldapsearch to get all user attributes used in responses or attribute conditions, instead of executing a ldapsearch for each required attribute.
Pre-fetching user attributes decreases the number of LDAP calls and therefor the load on the LDAP Server.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document