Original Message:
Sent: Jan 26, 2024 10:07 AM
From: boneyard
Subject: Policy Cache Result Timeout Value
Yes, that is how I understand it also.
You do need an option turned on to make it work, see the documentation for it.
https://www.arubanetworks.com/techdocs/ClearPass/6.6/PolicyManager/Content/CPPM_UserGuide/Admin/ServerConfig_clusterwideparams.htm
Specify the duration allowed in minutes to store the role mapping and posture results derived by the policy engine during a policy evaluation.
This result can then be used in subsequent evaluation of policies associated with a service, if the Use cached Roles and Posture attributes from previous sessions option is turned on for the service.
Original Message:
Sent: Jan 24, 2024 04:01 AM
From: arioheads
Subject: Policy Cache Result Timeout Value
Hello experts,
I am very new to ClearPass and trying to understand what exactly this setting under cluster-wide parameters does and the impact of changing the value.
Let's say ClearPass authenticated an endpoint, received token from agent and the cache timeout is 5 mins does this mean any reauthentication within this 5 minutes will tell clearpass to just use the cache? As in it trusts whatever its cache had from 5 mins ago for the endpoint and kind of not do anything? But beyond 5 minutes ClearPass will have to reassess this endpoint as in really uses its policy engine to authenticate map role etc.?
------------------------------
Thank you for your time,
JiaWei
------------------------------