[OPENAM-12419] Policy rules not updated when external configuration store connection restarted Created: 09/Feb/18 Updated: 22/Feb/19 Resolved: 17/May/18
|Component/s:||authentication, policy, sms|
|Affects Version/s:||13.5.0, 13.5.1, 14.0.0, 14.1.0, 14.5.0, 14.5.1, 5.5.1|
|Fix Version/s:||13.5.3, 188.8.131.52, 14.1.2, 6.5.0, 6.0.1, 5.5.2|
|Reporter:||C-Weng C||Assignee:||Lawrence Yarham|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Sprint:||AM Sustaining Sprint 49, AM Sustaining Sprint 50, AM Sustaining Sprint 51|
|Support Ticket IDs:|
|Needs QA verification:||
|Are the reproduction steps defined?:||
Yes and I used the same an in the description
The AM policy evaluation system uses the IndexRuleTree cache to cache policy rules per realm. This is backed by a persistent search and so any changes or modification to the policy rules get changes to update or invalidate this cache so that policy evaluation is correct.
The issues is that when say the connection is external configuration restarted, the persistent connection used to manage this policy cache is no longer reestablished and it would seems any changes to the realm policy rules will not update the cached entries.
The outcome of these are AM will always use the old copies (before the disconnection of the connection). Unfortunately there is no feedback or telltale side of this so as to why then when one tries to do webagent or policy evaluation
will always be empty even if one though the rules exist
Details steps outlining how to recreate the issue (remove this text)
After any policy rules change, recycle every AM instances (if one is not sure the persistent search for policy still works)
|Comment by Lawrence Yarham [ 12/Apr/18 ]|
Many thanks C-Weng C for adding further information here. I'm able to reproduce on 13.5.0 as you described above.
|Comment by Lawrence Yarham [ 17/May/18 ]|
Fixed in latest master and backported to 6.0.x, 5.5.x, 14.1.x and 13.5.x.
|Comment by Ľubomír Mlích [ 15/Jun/18 ]|
Reproduced in OpenAM 13.5.0 Build 550cfe7d60 (2016-July-13 08:43)