Strange random behaviour during user authorization

This topic has 3 replies, 3 voices, and was last updated 5 years, 10 months ago by Peter Major.

  • #2376
     vestax84
    Participant

    Hi All,

    I’m facing a really strange issue with OpenAM version 11.0.0. In the architecture we are using OpenDS as the directory server, OpenAM 11.0.0 and the J2EE policy agent for WebLogic Server 11g (agent version 3.3.0).

    Access manager authenticates users and returns the assigned roles in the response header; using the isUserInRole(…) function at application level, it is possible to check that a specific role is granted to the authenticated user.

    Unfortunately this behaviour is quite random: sometimes the access manager sets the roles correctly in the header response but sometimes not, and this is causing issues inside the application.

    After some investigation we realized that the directory server is really slow to perform searches and saturates the CPU; basically, when this happens the role list is empty.

    We need some help with this issue as we have been struggling for a long time now and we would like to sort this out. Any advice?

    #2382
     Jamie Bowen
    Moderator

    Hi vesta,

    What is your deployment architecture?

    Jamie

    #2385
     vestax84
    Participant

    Hi Jamie,

    Architecture is as follows:

    OpenAM DAS UI

    Weblogic Server with J2EE Policy Agent

    OpenAM (11.0.0)

    OpenDS

    As this is a test server everything is installed on the same Linux box. The same issue happened in production where this architecture was clustered and we managed to solve it by swapping OpenDS with OpenDJ.

    #2404
     Peter Major
    Moderator

    Hi,

    OpenDS is really old now, and there were a lot of improvements implemented with OpenDJ, amongst other things: performance improvements around handling static groups. I would suggest using the latest version of OpenDJ and always making sure that you have no unindexed searches slowing down your deployment.

    cheers,
    Peter
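
One way to check for the unindexed searches mentioned in the reply above, as an added example that is not part of the thread or of any ForgeRock tooling. It assumes the OpenDJ file-based access log marks a `SEARCH RES` record with an `unindexed` token; the log lines, DNs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the OpenDJ file-based access log (assumed
# format: SEARCH RES carries an "unindexed" token when no index was usable).
SAMPLE_LOG = """\
[12/Mar/2014:10:01:02 +0100] SEARCH REQ conn=7 op=3 msgID=4 base="ou=groups,dc=example,dc=com" scope=wholeSubtree filter="(uniqueMember=uid=alice,ou=people,dc=example,dc=com)" attrs="cn"
[12/Mar/2014:10:01:04 +0100] SEARCH RES conn=7 op=3 msgID=4 result=0 nentries=2 unindexed etime=2150
[12/Mar/2014:10:01:05 +0100] SEARCH REQ conn=8 op=1 msgID=2 base="ou=people,dc=example,dc=com" scope=wholeSubtree filter="(uid=bob)" attrs="ALL"
[12/Mar/2014:10:01:05 +0100] SEARCH RES conn=8 op=1 msgID=2 result=0 nentries=1 etime=3
[12/Mar/2014:10:01:06 +0100] SEARCH REQ conn=9 op=2 msgID=3 base="ou=groups,dc=example,dc=com" scope=wholeSubtree filter="(|(member=uid=bob,ou=people,dc=example,dc=com)(uniqueMember=uid=bob,ou=people,dc=example,dc=com))" attrs="cn"
[12/Mar/2014:10:01:08 +0100] SEARCH RES conn=9 op=2 msgID=3 result=0 nentries=0 unindexed etime=1980
"""

REQ = re.compile(r'SEARCH REQ conn=(\d+) op=(\d+) .*?base="([^"]*)" .*?filter="([^"]*)"')
RES = re.compile(r'SEARCH RES conn=(\d+) op=(\d+) (.*)')
ATTR = re.compile(r'\(([A-Za-z][\w;-]*)(?:=|~=|>=|<=)')  # attribute names in a filter


def find_unindexed(log_text):
    """Pair each SEARCH RES with its REQ and return the unindexed searches."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        if (m := REQ.search(line)):
            pending[(m[1], m[2])] = (m[3], m[4])
        elif (m := RES.search(line)):
            # Always pop so completed (indexed) searches do not accumulate.
            base, flt = pending.pop((m[1], m[2]), ("?", "?"))
            etime = re.search(r'\betime=(\d+)', m[3])
            if re.search(r'\bunindexed\b', m[3]):
                findings.append({"base": base, "filter": flt,
                                 "etime": int(etime[1]) if etime else None})
    return findings


def index_candidates(findings):
    """Count attribute names used in the filters of unindexed searches."""
    return Counter(a for f in findings for a in ATTR.findall(f["filter"]))


if __name__ == "__main__":
    hits = find_unindexed(SAMPLE_LOG)
    for h in sorted(hits, key=lambda h: h["etime"] or 0, reverse=True):
        print(h["etime"], h["base"], h["filter"])
    print(index_candidates(hits).most_common())
```

Attributes that dominate the counter, here the group membership attributes used for role lookups, are the ones to review for missing indexes.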


©2020 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
