SiteMinder : Policy server report with "Execution time exceeded threshold user="
search cancel

SiteMinder : Policy server report with "Execution time exceeded threshold user="


Article ID: 213981


Updated On:




While running Policy Server, intermittently the Policy Server might write log lines where the user variable has no value, ie. : user=.

To illustrate :

  [1646/140397614155520][Thu Apr 08 2021 13:01:31][SmAuthorization.cpp:2248][INFO]
  [sm-log-00000] Execution time exceeded threshold. (CSmAz::ProcessActiveExpression, 7295, 5000, 
  agent=myAgent client= server=  resource=/exampleApp action=GET user=)



At first glance, This could occur when there is an absence of user value might be caused of a specific process hasn't finished yet. From the given snippet, the value seems to be missing when the Policy Server is at the Authorization phase.

To illustrate that, if the Policy Server takes too much time to analyze the CRL cache for a given user, the Policy Server line will reports no value for the user with similar line. Also, if the processing of SAML Response takes too long, a similar log line with the user without value can be shown in below

Example (1)

 Policy Server :: Slow CRL Processing : Finding the CRL in the cache

      22 secs spend here :

      [05/10/2019][08:58:50.486][2359943][140382136428288][ Finding the CRL in the cache]
    [][][][][][][][][][][2B 68 03 BC 00 00 00 0B 25 50][][]

      [05/10/2019][08:59:12.680][2359943][140382136428288][ Checking Validity of CRL]

      [sm-log-00000] Execution time exceeded threshold. (CServer::ProcessRequest, 
    322184, 5000, agent=myagent client=* server=
      resource=/redirectSmartCard/ action=GET user=)][08:59:13][CServer.cpp:6372][][]

Example (2)

    AuthnResponse contains not SAML compliant Timestamp

      Execution time exceeded threshold. (CServer::Tunnel, 6098, 5000, 
    agent=sps-training-com client=* server=
      npfVeWkfNxXaLkYjNFzersM4xfJZWG8%2Ff%2FP5Tc%3D action=GET user=)][][][][][]

It's also possible the process ends the request correctly. Policy Server writes this line because the process is not finished yet, but takes more time than threshold value (5s). In the Policy Server traces, you should see after that line if the process ends correctly or with an error later. Mainly, when you see user= is because at the stage the process is, the value is not yet known. Again, that doesn't mean the authorization will fail.


Additional Information