Leap Second Impact on Identity Manager
search cancel

Leap Second Impact on Identity Manager

book

Article ID: 30785

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Leap Second impact on IDM.

Environment

Release: CAPUEL99000-12.5-Identity Manager-Blended upgrade to Identity &-Access Mgmt Ente
Component:

Resolution

Our software relies on the O/S time. If your servers have software installed that syncs with the atomic server/clock, that sync would need to happen during that very second 23:59:60 occurs in order for there to be any type of concern. The chances of that happening are small, and here is an even smaller chance that it would cause a problem if it were to sync during that one second every several years. 

Most servers utilize Network Time Protocol (NTP) for time synchronization. The NTP protocol supports a leap second flag in the network protocol headers to inform clients that a leap second is impending. When the flag is set, it informs the client that the last second of the current month contains a leap second (so there can be as much as 1 month lead time informing the client that a leap second is coming). 

RFC 5905 defined NTP v4 here: https://tools.ietf.org/html/rfc5905 

Therefore, it’s not a matter of synchronizing exactly at the moment that the leap second occurs. Rather most servers that support NTP will receive the notification in an NTP header via the leap second flag sometime during the month of the leap second (typically June or December). 

Additionally, the man page for the <time.h> header file clearly states, for example, that the ‘tm_sec’ member of the ‘tm’ structure represents seconds with values from [0,60] inclusive (60 in the event of a leap second). Most programs should consider seconds to be in the possible range of 0-60. 

Leap seconds have been part of UTC since 1972.