32.6.3 The Policy Is Using Old User Data

When a policy is first evaluated, it caches information about the user.

  • Some data items are updated every minute.

  • Some are cached for the duration of the request.

  • Some are cached for the duration of the user’s session. When a data item is cached for the duration of a user session, the user must log out and log in for the policy modification to take effect.

Table 32-2 lists how long the data items for a condition are cached before being refreshed.

Table 32-2 Data Caching Limits

Condition

Data Refresh Interval

Authenticating IDP

User session

Authentication Contract

User session

Authentication Method

User session

Authentication Type

User session

Client IP

Request

Credential Profile

User session

Current Date

One minute

Current Day of Week

One minute

Current Day of Month

One minute

Current Time of Day

One minute

HTTP Request Method

Request

Java Data Injection Module

User session

LDAP Attribute

User session; configurable to be cached only for the request with the Force Data Read option.

LDAP Group

User session

LDAP OU

User session

Liberty User Profile

User session

Proxy Session Cookie

User session

Roles for Current User

User session

Roles from Identity Provider

User session

Shared Secret

User session; configurable to be cached only for the request with the Force Data Read option.

String Constant

User session

URL

Request

URL Scheme

Request

URL Host

Request

URL Path

Request

URL File Name

Request

URL File Extension

Request

User Store

User session

X-Forwarded-For IP

Request