search cancel

Execution time exceeded threshold user=


Article ID: 213981


Updated On:





When running Policy Server, intermittently the Policy Server might
write log lines where the user variable has no value, ie. : user=.

To illustrate :

  [1646/140397614155520][Thu Apr 08 2021 13:01:31][SmAuthorization.cpp:2248][INFO]
  [sm-log-00000] Execution time exceeded threshold. (CSmAz::ProcessActiveExpression, 7295, 5000, 
  agent=myAgent client= server= 
  resource=/myApp action=GET user=)



At first glance, the absence of user value might be caused of a
specific process hasn't finished yet. From the given snippet, the
value seems to be missing when the Policy Server is at the
Authorization phase.

To illustrate that, if the Policy Server takes too much time to
analyse the CRL cache for a given user, the Policy Server line will
reports no value for the user with similar line. Also, if the
processing of SAMLResponse takes too long, a similar log line with the
user without value can be shown (1)(2).

It's also possible the process ends the request correctly. Policy
Server writes this line because the process is not finished yet, but
takes more time than threshold value (5s). In the Policy Server
traces, you should see after that line if the process ends correctly
or with an error later. Mainly, when you see user= is because at the
stage the process is, the value is not yet known. Again, that doesn't
mean the authorization will fail.


Additional Information



    Policy Server :: Slow CRL Processing : Finding the CRL in the cache

      22 secs spend here :

      __[05/10/2019][08:58:50.486][2359943][140382136428288][ Finding the CRL in the cache]
      [][][][][][][][][][][2B 68 03 BC 00 00 00 0B 25 50][][]

      __[05/10/2019][08:59:12.680][2359943][140382136428288][ Checking Validity of CRL]

      [sm-log-00000] Execution time exceeded threshold. (CServer::ProcessRequest, 
      322184, 5000, agent=myagent client=* server= 
      resource=/redirectSmartCard/ action=GET user=)][08:59:13][CServer.cpp:6372][][]
    AuthnResponse contains not SAML compliant Timestamp

      Execution time exceeded threshold. (CServer::Tunnel, 6098, 5000, 
      agent=sps-training-com client=* server= 
      npfVeWkfNxXaLkYjNFzersM4xfJZWG8%2Ff%2FP5Tc%3D action=GET user=)][][][][][]