Symantec Access Management

  • Private Community
 View Only

  • 1.  Using LDAP or DB is better for CA SSO session store?

    Posted Sep 30, 2016 03:31 AM

    CA Directory and MS SQL both support using t as session store. However which option would be recommended for high loading requirement? 



  • 2.  Re: Using LDAP or DB is better for CA SSO session store?
    Best Answer

    Broadcom Employee
    Posted Sep 30, 2016 03:03 PM

    They are both supported and VIABLE options for sessions store

     

    ODBC has been around longer as a session store used by more customers

     

    CA Directory is newer: We have a number of large customers using this type of deployment, CA teams documented specific setting to fine tune CA directory as a sessions store

    https://docops.ca.com/ca-single-sign-on/12-52-sp2/en/installing/configure-ldap-directory-server-policy-session-and-key-stores/configure-ca-directory-as-a-session-store



  • 3.  Re: Using LDAP or DB is better for CA SSO session store?

    Posted Oct 01, 2016 09:38 AM

    Thanks for your reply. If our environment having high performance requirement, which one shall we choose? As we know LDAP is fast for read but session store should involve lots of write action?



  • 4.  Re: Using LDAP or DB is better for CA SSO session store?

    Posted Oct 03, 2016 12:31 AM

    I would suggest to go with Ca Dir with the fact DB schema has limitation on # of characters it can store (especially on Artifact profile you will run into issues along with session persistence and SLO) even for high performance environments.Ca Engineering clearly mentioned  about it to us and asked us move from a DB to Ca Dir which is free for session store