I have a SAML 2.0 SP configured and I am sending a few attributes in the
auth response, and based on the attribute values, the user gets logged in
to the SP site. I am using Active Directory as the identity store. I
changed the values of the attributes and when I try to log in to the SP, it
still seems to get the old value from the IdP. The attribute value was
changed on the same AD server that is being used as the identity store,
so replication delay between AD servers is out of the question.

So does the IdP poll the AD servers at certain intervals and cache the
values for use next time so that it doesn't query the AD server often? If
so, is there a way to reduce the time it caches the value to maintain
cache freshness?
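Before tuning any IdP cache, it is worth confirming that the stale value really is the one the IdP puts in the assertion, rather than something the SP has cached in its own session. The check below is an added example, not code from the original post: it decodes a captured `SAMLResponse` (the base64 form POSTed to the SP's ACS URL), pulls every `AttributeStatement` value out of it, and diffs those against the values you read directly from the domain controller. The sample response and the `DIRECTORY_ATTRS` dictionary are constructed for the example; in practice the directory side would come from an LDAP query against the same DC you edited. Signature validation is deliberately out of scope here, this is a debugging aid for a response you captured yourself, not an SP implementation.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used by the protocol and assertion elements.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def extract_attributes(saml_response_b64):
    """Return {attribute name: [values]} from a base64-encoded SAMLResponse.

    Note: xml.etree is not hardened against hostile XML (entity expansion etc.);
    use defusedxml if you ever point this at responses you did not capture yourself.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    root = ET.fromstring(xml_bytes)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[name] = values
    return attrs


def stale_attributes(asserted, directory):
    """Return {name: (asserted values, directory values)} for every attribute whose
    asserted values differ from what the directory currently holds.

    Attributes absent on one side are treated as an empty value list, so a value
    that was removed in AD but still asserted by the IdP is reported as stale too.
    """
    stale = {}
    for name in set(asserted) | set(directory):
        a = sorted(asserted.get(name, []))
        d = sorted(directory.get(name, []))
        if a != d:
            stale[name] = (a, d)
    return stale


# Constructed sample: a minimal unsigned Response carrying two attributes.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="department">
        <saml:AttributeValue>Sales</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="memberOf">
        <saml:AttributeValue>CN=SP-Users,OU=Groups,DC=example,DC=com</saml:AttributeValue>
        <saml:AttributeValue>CN=Staff,OU=Groups,DC=example,DC=com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE.encode()).decode()

# Constructed stand-in for what an LDAP read of the user object returns right now:
# "department" was changed in AD, the group memberships were not.
DIRECTORY_ATTRS = {
    "department": ["Engineering"],
    "memberOf": [
        "CN=SP-Users,OU=Groups,DC=example,DC=com",
        "CN=Staff,OU=Groups,DC=example,DC=com",
    ],
}


def check_sample():
    """Run the comparison on the constructed data and return the stale set."""
    asserted = extract_attributes(SAMPLE_RESPONSE_B64)
    return stale_attributes(asserted, DIRECTORY_ATTRS)


if __name__ == "__main__":
    for name, (a, d) in sorted(check_sample().items()):
        print(f"{name}: IdP asserted {a}, directory holds {d}")
```

If the diff is non-empty for an attribute you just changed in AD, the IdP is the component serving the old value; if the assertion already carries the new value, look at the SP's session or attribute cache instead.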


