Strange random behaviour during user authorization

This topic has 3 replies, 3 voices, and was last updated 7 years, 8 months ago by Peter Major.

  • Author
  • #2376

    Hi All,

    I’m facing a really strange issue with OpenAM version 11.0.0. In the architecture we are using OpenDS as directory server, OpenAM 11.0.0 and the j2ee policy agent for weblogic server 11g (agent version 3.3.0).

    Access manager authenticate users and returns the assigned roles in the response header, using the isUserInRole(….) function at application level is possible check that a specific roles is granted to the authenticated user.

    Unfortunately this behaviour is quite random, sometimes the access manager set the roles correctly in the header response but sometime not and this is causing issue inside the application.

    After some investigation we realized that the directory server is really slow to perform searches and saturate the CPU, basically when this happen the role list is empty.

    Need some help for this issue as we are struggling since long time now and we would sort this out . Any advise ?

     Jamie Bowen

    Hi vesta,

    What is your deployment architecture?



    Hi Jamie,

    Architecture is as follow:

    OpenAM DAS UI

    Weblogic Server with J2EE Policy Agent

    OpenAM (11.0.0)


    As this is a test server everything is installed in the same linux box. The same issue happened in production where this architecture was clustered and we managed to solve it swapping OpenDS with OpenDJ.

     Peter Major


    OpenDS is really old now, and there were a lot of improvements implemented with OpenDJ, amongst other things: performance improvements around handling static groups. I would suggest to use the latest version of OpenDJ and always make sure that you have no unindexed searches slowing down your deployment.


Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?