Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-6069

Make org.forgerock.openam.agents.config.policy.evaluation.* optional

    Details

    • Sprint:
      Sprint 84 - Sustaining, Sustaining Sprint 10, Sustaining Sprint 11
    • Support Ticket IDs:

      Description

      As of OpenAM 12.0.x, users no longer need to have referral policies under default realm . This is because OpenAM 12.0.0 now enables you to specify the realm and application in the policy agent profile. When PA is configured with specific realm and application type, OpenAM directs requests from the policy agent to the specified realm and application.
      http://docs.forgerock.org/en/openam/12.0.0/admin-guide/index/chap-realms.html#agent-realm-application-for-policy-decisions

      However, this feature is slowing down the speed to get PolicyEvaluator within PolicyRequestHandler. OpenAM 12 takes 37 ms till it printed out "Policy Manager constructed with..." message where as OpenAM 9.5.5 takes ~10 ms:

      amPolicy:05/20/2015 08:04:47:962 AM PDT: Thread[http-8443-1,5,main]
PolicyRequestHandler.convertEnvParams(): requestIp is 127.0.0.1
amPolicy:05/20/2015 08:04:47:962 AM PDT: Thread[http-8443-1,5,main]
PolicyRequestHandler.convertEnvParams(): requestTime is null
amPolicy:05/20/2015 08:04:47:962 AM PDT: Thread[http-8443-1,5,main]
PolicyRequestHandler.convertEnvParams(): requestTimeZone is null
 :
amPolicy:05/20/2015 08:04:47:999 AM PDT: Thread[http-8443-1,5,main]
Policy Manager constructed with SSO token  for organization: dc=jpl,dc=nasa,dc=gov

      This is because PolicyRequestHandler is retrieving PA's profile (this involves checkPermission etc), then tries to get all related application types PA admin can evaluate.

      One option is to turn off this feature if "Activate Referrals:" is on or introduce a new flag.

        Attachments

        1. OPENAM-6069.diff
          4 kB
        2. performance-test-results-11.0.3.zip
          2.23 MB
        3. threaddump-11.0.3.txt
          427 kB
        4. hotspots-11.0.3.png
          hotspots-11.0.3.png
          155 kB
        5. performance-test-results-12.0.0.zip
          1.12 MB
        6. threaddump-12.0.0.txt
          490 kB
        7. hotspots-12.0.0-with_java.png
          hotspots-12.0.0-with_java.png
          145 kB
        8. hotspots-12.0.0.png
          hotspots-12.0.0.png
          154 kB
        9. hotspots-13.0.0_with_fix.png
          hotspots-13.0.0_with_fix.png
          152 kB
        10. rps_13.0.0_with_fix.tiff
          145 kB
        11. rps_11.0.3.tiff
          155 kB
        12. contentionfix.diff
          10 kB
        13. 11_0_3_latest.tiff
          179 kB
        14. 12_with_contention_fix.tiff
          165 kB
        15. OpenSSOPrivilegeManager_120.zip
          139 kB
        16. OPENAM-6069-20150626.diff
          17 kB
        17. pllpolicytest.tar.gz
          4.84 MB

          Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-4944 PolicyEvaluation issues additional search to o=sunamhiddenrealmdelegationservicepermissions

          • Major - Major loss of function.
          • Closed

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                sachiko Sachiko Wallace
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 15h
                  15h
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 15h
                  15h