WAM UI Login and Federation partnership section is slow in Azure deployment

book

Article ID: 194446

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

Customer is moving services from on-premise data center to Azure VM. 

Everything works fine from on-premise data center, but newly deployed environment on Azure experiencing significant performance delay.

WAM UI takes some time to login but once logged in, everything appears to be quick except the Partnership federation section. This section take more than 2 minutes to load per page and is slow for every click inside this section.  There is no delay observed for non-federation request.

There was no CPU/memory problem, or file descriptor, entropy shortage.

Environment details:

On Premise:
Siteminder  : R 12.8 SP 2
OS version  : RHEL 7.7

Azure:
Siteminder  : R 12.8 SP 3
OS version  : RHEL 7.8

Cause

Minor version difference is not the cause of the problem.

Azure VM was not one of the officially certified virtualization solutions by Siteminder.

Based on WAMUI Logs, there is delay(~12 sec) in the WAMUI server itself while building the request for each object. For federation, it would be more time since number of objects to be fetched are more.
But response is quick once policy server receives it.  

2020-06-08 12:56:23,399 [DEBUG] com.ca.federation.client.XPSHandle [] - INFO_BUILD_REQDATA
2020-06-08 12:56:24,499 [DEBUG] com.ca.siteminder.rpc.rpc.ClientDispatcher [] - call getCacheUpdates
2020-06-08 12:56:34,501 [DEBUG] com.ca.siteminder.rpc.rpc.ClientDispatcher [] - call getCacheUpdates
2020-06-08 12:56:35,424 [DEBUG] com.ca.federation.client.xml [] -

Request: <Request ClientInfo="hostname-vpn/x.x.x.x" Country="US" Language="en" PlatformInfo="Linux-3.10.0-1127.8.2.el7.x86_64(amd64)" ProtocolVersion="1.0">
<Admin>SM://00013363-b24e-1846-b24e-8d7c800ba06e/siteminder</Admin>
<Workspace/>
<ReqContent type="Search">
<Class NRec="0" Name="CA.XPS::Class" SRec="0" SearchOp="Pick">
<Pick Attr="CA.XPS::Class.ParentClass"/>
<Filters>
<Clause Case="false" Name="CA.XPS::Class.ExtensionClass" Op="EQ" Val="true"/>
</Filters>
</Class>
</ReqContent>
</Request>

When adminui frames a request to policy server it use to get ClientInfo ( ClientInfo="hostname-vpn/x.x.x.x" ) for every request by calling InetAddress.getLocalHost().toString(), this call might be delaying in getting HostName/IP due to DNS resolution or may be deployment model.

Environment

Release : 12.8.03

Component : SITEMINDER WAM UI

Resolution

Admin ui dev fix (fedclient.jar and xpssdk.jar) was provided to customer, but customer chose to resolve this problem from a work around by adding host entry of the policy server hostname. 

Additional Information

DE465318