Customer is moving services from on-premise data center to Azure VM.
Everything works fine from on-premise data center, but newly deployed environment on Azure experiencing significant performance delay.
WAM UI takes some time to login but once logged in, everything appears to be quick except the Partnership federation section. This section take more than 2 minutes to load per page and is slow for every click inside this section. There is no delay observed for non-federation request.
There was no CPU/memory problem, or file descriptor, entropy shortage.
Siteminder : R 12.8 SP 2
OS version : RHEL 7.7
Siteminder : R 12.8 SP 3
OS version : RHEL 7.8
Minor version difference is not the cause of the problem.
Azure VM was not one of the officially certified virtualization solutions by Siteminder.
Based on WAMUI Logs, there is delay(~12 sec) in the WAMUI server itself while building the request for each object. For federation, it would be more time since number of objects to be fetched are more.
But response is quick once policy server receives it.
2020-06-08 12:56:23,399 [DEBUG] com.ca.federation.client.XPSHandle  - INFO_BUILD_REQDATA
2020-06-08 12:56:24,499 [DEBUG] com.ca.siteminder.rpc.rpc.ClientDispatcher  - call getCacheUpdates
2020-06-08 12:56:34,501 [DEBUG] com.ca.siteminder.rpc.rpc.ClientDispatcher  - call getCacheUpdates
2020-06-08 12:56:35,424 [DEBUG] com.ca.federation.client.xml  -
Request: <Request ClientInfo="hostname-vpn/x.x.x.x" Country="US" Language="en" PlatformInfo="Linux-3.10.0-1127.8.2.el7.x86_64(amd64)" ProtocolVersion="1.0">
<Class NRec="0" Name="CA.XPS::Class" SRec="0" SearchOp="Pick">
<Clause Case="false" Name="CA.XPS::Class.ExtensionClass" Op="EQ" Val="true"/>
When adminui frames a request to policy server it use to get ClientInfo ( ClientInfo="hostname-vpn/x.x.x.x" ) for every request by calling InetAddress.getLocalHost().toString(), this call might be delaying in getting HostName/IP due to DNS resolution or may be deployment model.
Release : 12.8.03
Component : SITEMINDER WAM UI
Admin ui dev fix (fedclient.jar and xpssdk.jar) was provided to customer, but customer chose to resolve this problem from a work around by adding host entry of the policy server hostname.