Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-9685

SSOAdmin is slow with a site configured

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.0.0, 13.5.0
    • Fix Version/s: 13.5.1, 14.0.0
    • Component/s: audit logging
    • Labels:
    • Sprint:
      AM Sustaining Sprint 28, AM Sustaining Sprint 29
    • Support Ticket IDs:

      Description

      If you use ssoadm and your openam is behind a site, every command takes a lot of time

      How to reproduce

      • Setup openam with a site:
        LB_SITE_NAME=ssosite
        LB_PRIMARY_URL=http://openam.exampe.com:80/openam
        
      • install ssoadm and follow the instruction for a site
        -D"com.iplanet.am.naming.map.site.to.server=lb-url=openam-url[,
         other-lb-url=openam-url ...]"
        

      expected behavior

      A normal execution time

      current behavior.

      SSOAdm takes a lot of time, as it tries to connect to the audit endpoint without reading the "com.iplanet.am.naming.map.site.to.server"

      POST /openam/json/realm-audit/access?_action=create HTTP/1.1
      Accept-API-Version: protocol=1.0,resource=1.0
      iPlanetDirectoryPro: AQIC5wM2L...ABQtNTQ3MTY1ODI5MTUwODgxMzcyNwACUzEAAjAx*
      Content-Length: 374
      Content-Type: application/json; charset=UTF-8
      Host: openam.example.com:8080
      Connection: Keep-Alive
      User-Agent: Apache-HttpClient/4.4.1 (Java/1.7.0_95)
      Accept-Encoding: gzip,deflate
      {"request":{"protocol":"ssoadm","operation":"SEARCH_REALM","detail":{"search pattern":"*","recursive":"non recursive"}},"eventName":"AM-ACCESS-ATTEMPT","realm":"/","transactionId":"4f049aff..ebed330f41-0","timestamp":"2016-06-13T07:28:09.746Z","userId":"id=amadmin,ou=user,dc=opensso,dc=java,dc=net","component":"ssoadm","trackingIds":["1de71b7f0a99743101"]}HTTP/1.0 503 Service Unavailable
      Cache-Control: no-cache
      Connection: close
      Content-Type: text/html
      <html><body><h1>503 Service Unavailable</h1>
      No server is available to handle this request.
      </body></html>
      

      Workaround

      Use the option --nolog with the ssoadm command, it will disable the audit logging just for this command.

        Attachments

          Activity

            People

            • Assignee:
              quentin.castel Quentin CASTEL
              Reporter:
              quentin.castel Quentin CASTEL
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: