When running a Policy Server, intermittent authentication delays occur.
The smps.log reports :
[1436/8584][Thu Dec 12 2019 12:34:36][SmAuthUser.cpp:947][INFO][sm-log-00000] Execution time exceeded threshold. (AuthenticateDsUser, 10265, 10000, agent= client=10.0.0.1 server= resource=/<application> action=GET user=<user>)
[1436/8584][Thu Dec 12 2019 12:34:36][SmAuthDir.cpp:90][INFO][sm-log-00000] Execution time exceeded threshold. (SmAuthenticate, 10265, 10000, agent= client=10.0.0.1 server= resource=/<application> action=GET user=<user>)
The LDAP server doesn't answer in 10 seconds, and as such the Policy Server has to rebuild the connection to the LDAP Server.
smtracedefault.log:
[1436][6028][11:49:10][11:49:10.658][12/20/2019][][][][Authenticating user by the auth scheme][][][<user>][][][][LDAP://ldap.example.com ldap.example.com,ldap.example.com ldap.example.com/cn=<USER>,dc=training,dc=com][][][][][][][][SmAuthUser.cpp:5437][CSmAuthUser::Authenticate][][]
[1436][6028][11:49:10][11:49:10.658][12/20/2019][][][][Start of call AuthenticateUser.][][][][][][][][User ='cn=<USER>,dc=training,dc=com'][][][][][][][SmDsUser.cpp:229][CSmDsUser::Authenticate][][]
[1436][6028][11:49:20][11:49:20.518][12/20/2019][][][][Marked user connection (seq: 51546) ldap.example.com:636 as Close Pending][][][][][][][][][][][][][][][SmDsLdapConnMgr.cpp:499][CSmDsLdapConnMgr::AddDeadHandleList][][]
[1436][6028][11:49:20][11:49:20.518][12/20/2019][][][][Marked userconnection (seq: 51548) ldap.example.com:636 as Close Pending][][][][][][][][][][][][][][][SmDsLdapConnMgr.cpp:499][CSmDsLdapConnMgr::AddDeadHandleList][][]
[1436][6028][11:49:20][11:49:20.533][12/20/2019][][][][Reconnect to server 'ldap.example.com:636' as it's previous connections are closed and it is available for connecting now][][][][][][][][][][][][][][][SmDsLdapFunctionImpl.cpp:2151][CSmDsLdapProvider::RebindServer][][]
[1436][6028][11:49:20][11:49:20.533][12/20/2019][][][][LogMessage:WARN:[sm-Ldap-02910] SSLv3 client protocol is disabled. If connection fails configure LDAP server to support TLS protocols.][][][][][][][][][][][][][][][SmDsLdapConnMgr.cpp:758][][][]
[1436][6028][11:49:20][11:49:20.549][12/20/2019][][][][Successful V3 Bind server][][][][][][][][][][][][][][][SmDsLdapConnMgr.cpp:909][IsAvailable][][]
[1436][6028][11:49:21][11:49:21.611][12/20/2019][][][][LogMessage:INFO:[sm-log-00000]Execution time exceeded threshold. (AuthenticateDsUser, 10953,10000, agent= client=10.0.0.1 server= resource=/<application> action=GETuser=<user>)][][][][][][][][][][][][][][][SmAuthUser.cpp:947][][][]
[1436][6028][11:49:21][11:49:21.611][12/20/2019][monitoringagent][s5869125/r5][][** Status: Authenticated. ][][][<user>][][][][][][][][][][][][Sm_Auth_Message.cpp:4835][ CSm_Auth_Message::SendReply][][]
This delay is due to the 10 second timeout for the LDAP ping request, managed by the Policy Server registry key LDAPPingTimeout (1)(2)(3).
Investigate the LDAP Store and the firewall to understand why LDAP connections are initiated constantly and why occasionally LDAP is not providing response during LDAP ping timeout period.