search cancel

AgentWaitTime parameter Explained in webagent.conf

book

Article ID: 41408

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER CA Single Sign On Agents (SiteMinder)

Issue/Introduction

 

During troubleshooting connectivity issues between Web Agent and Policy Server, the documentation mentions the AgentWaitTime parameter (1).

  • What is the purpose of AgentWaitTime?
  • How to configure it?
  • What is the default value?
  • Is there a maximum value?
  • Is there any formula to calculate the optimum value?
  • Are there any disadvantages to setting it to a high value?
  • What impact does agentwaittime have on Web Server stop?

Resolution

 

What is the purpose of AgentWaitTime?

  It specifies the number of seconds the Web Agent is allowed to wait for the Low-Level Agent Worker process (LLAWP) to become available. When the interval expires the Web Agent tries to connect to the Policy Server. Setting this parameter may help resolve agent start-up errors related to slower network connectivity or slow Web Server initialization.

How to configure it?

  As this setting is related to Agent initialization, it still has not contacted Policy Server and loaded the ACO from the Policy Store. This parameter must be configured locally in the WebAgent.conf file.

What is the default value?

  • In FIPS Only mode, the default minimum value is 20 seconds.
  • In all other FIPS modes, the default minimum value is 5 seconds.
  • The default value is higher in FIPS Only mode, to account for slower ETPKI initialization time.

Is there a maximum value?

  There is no maximum value.

Is there any formula to calculate the optimum value?  

  The following formula could be used as a guide for calculating the optimum value for AgentWaitTime:

  The_number_of_Policy_Servers x 30) + 10 = value of the AgentWaitTime parameter (in seconds).

  For example, if there are 5 Policy Servers, then set the value of the AgentWaitTime parameter to 160. [(5x30) + 10 = 160] (seconds).

  Here, the Policy Servers used are the only bootstrap Policy Servers as specified in the SmHost.conf file. The idea is to allow at least 30 seconds interval for initialization of each bootstrap Policy Server.

  However, that said, this is just guidance. Choose any higher value that is necessary.

Are there any disadvantages to setting it to a high value?

  If the network is good and the LLAWP takes only a few seconds to connect to Policy Server and perform initialization, then even having a specified higher value for AgentWaitTime that will not matter.

  For E.g. configured AgentWaitTime is 200 seconds.

  But as the network is in a good state and it took Web Agent only 5 seconds to initialize, then it will only spend 5 seconds in initialization, it won’t wait for the complete 200 seconds to expire.

  In that sense, there is NO disadvantage to setting AgentWaitTime to a high value.

  Moreover, AgentWaitTime plays a role only during initialization/startup, it does not have any impact whatsoever on the normal communication of the Agent to the Policy Server, e.g isProtected, isAuthroized calls, etc.

What impact does it have on Web Server stop?

  None

 

Additional Information

 

(1)

    Troubleshooting Agent Configuration

      AgentWaitTime
      Default value: 5

      For more information, see Accommodate Network Latency section in
      Basic Agent Setup and Policy Server Connections.