Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11498

Timeout on first policy request seen when first authentication is via rest.

    XMLWordPrintable

    Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Cannot Reproduce
    • 13.5.0, 13.5.1
    • None
    • None
    •  OpenAM | 13.5.0
      | Httpd | 2.4.27 |
      | Gatling | 2.2.5 |
      | HttpdAgent | 4.1.0_20-F469-RC2 |
      | Tomcat | 7.0.70 |
    • Rank:
      1|hztzav:

      Description

      Bug description

      With 100000 users with 100000 policies which have just been created, there are two consecutive 5 second timeout seen in the agent logs

      How to reproduce the issue

      Using djsdk create 100k users.

      Using ssoadm set up 10k plus policies authorizing get and post for a specific user
      eg user.0 has get/post access to Resource0.html.

      Create a separate policy for index.html and logout.html. Allow get/post for all authenticated users.

      Set a generic NEU for NotEnforced*.html

      1. perform a rest authentication as user0
      2. request the resource to Resource0.html using the json token.
      Expected behaviour
      { 200 response with the contents is given via curl }
      Current behaviour
      { Timeout message is sent back to the browser / curl or automation framework,
      In Agent logs we see this:
      
      2017-08-07 12:01:34.927 +0200 WARNING [0x7fa7397bd700:24861] am_net_sync_recv(): timeout waiting for a response from a server
      2017-08-07 12:01:34.927 +0200 WARNING [0x7fa7397bd700:24861] validate_policy(): retry 0 (remote session/policy call failure: invalid argument)
      2017-08-07 12:01:40.952 +0200 WARNING [0x7fa7397bd700:24861] am_net_sync_recv(): timeout waiting for a response from a server
      2017-08-07 12:01:40.952 +0200 WARNING [0x7fa7397bd700:24861] validate_policy(): retry 1 (remote session/policy call failure: invalid argument)
      
      }
      

      Work around

      OPTIONAL - If you have a workaround, please put the details here (remove this text)

      Code analysis

      OPTIONAL - If you already investigated the code, please share your finding here (remove this text)

      org.forgerock.$className.java
      ...
      

        Attachments

          Activity

            People

            Unassigned Unassigned
            alex.levin@forgerock.com Alex Levin
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: