January 12, 2015 at 10:48 pm #2376vestax84Participant
I’m facing a really strange issue with OpenAM version 11.0.0. In the architecture we are using OpenDS as directory server, OpenAM 11.0.0 and the j2ee policy agent for weblogic server 11g (agent version 3.3.0).
Access manager authenticate users and returns the assigned roles in the response header, using the isUserInRole(….) function at application level is possible check that a specific roles is granted to the authenticated user.
Unfortunately this behaviour is quite random, sometimes the access manager set the roles correctly in the header response but sometime not and this is causing issue inside the application.
After some investigation we realized that the directory server is really slow to perform searches and saturate the CPU, basically when this happen the role list is empty.
Need some help for this issue as we are struggling since long time now and we would sort this out . Any advise ?January 13, 2015 at 9:46 am #2382Jamie BowenModerator
What is your deployment architecture?
JamieJanuary 13, 2015 at 10:32 am #2385vestax84Participant
Architecture is as follow:
OpenAM DAS UI
Weblogic Server with J2EE Policy Agent
As this is a test server everything is installed in the same linux box. The same issue happened in production where this architecture was clustered and we managed to solve it swapping OpenDS with OpenDJ.January 14, 2015 at 3:26 am #2404Peter MajorModerator
OpenDS is really old now, and there were a lot of improvements implemented with OpenDJ, amongst other things: performance improvements around handling static groups. I would suggest to use the latest version of OpenDJ and always make sure that you have no unindexed searches slowing down your deployment.
You must be logged in to reply to this topic.