When putting load on our environment, Policy Server reports randomly authreason 38
Article ID: 75010
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
We run Web Agent, and when the same user login within the same second, the first tentative fails as the second with the same credentials succeeds :
[Az][AzAccept][][myagent][04/Sep/2017:11:37:59 +0000][myagent]
[3+YR9IwUQAQ1gs5142aIiBm/fZk=][cn=myuser,ou=myldap,o=com][03-0005cd09-d0fc-1829-dsd4-fd130a464057]
[myrealm][06-0007b613-4645-1834-a251-fd190a4640f7][UNKNOWN][/protected/]
[GET][][][][0000000000000000000000008c8415ab-c5a8-59ad3b17-1afee700-28a576b8b5ea][]
[mydomain][][][][][]
[Auth][AuthReject][38][myagent][04/Sep/2017:11:37:59 +0000][myagent]
[56Yr3GKp9Ipcd8d7+OeVU1kLOGo=][cn=myuser,ou=myldap,o=com][03-0005cd09-d0fc-1829-dsd4-fd130a464057]
[myrealm][06-0007b613-4645-1834-a251-fd190a4640f7][UNKNOWN][/protected/]
[GET][myuserstore][master failover,master
failover,master failover,master
failover,master failover,master
failover,master failover,master
failover][LDAP:][][][mydomain][][][][][]
curl -H "Authorization: Basic bTk1MDAzNzoxMjNWbGllZ251b3Ah" -H "Cookie: SMCHALLENGE=YES" https://myhost.mydomain.com/protected/
This script runs 20 Authentications a minute;
Why is this happening? How can we fix this?
[Az][AzAccept][][myagent][04/Sep/2017:11:37:59 +0000][myagent]
[3+YR9IwUQAQ1gs5142aIiBm/fZk=][cn=myuser,ou=myldap,o=com][03-0005cd09-d0fc-1829-dsd4-fd130a464057]
[myrealm][06-0007b613-4645-1834-a251-fd190a4640f7][UNKNOWN][/protected/]
[GET][][][][0000000000000000000000008c8415ab-c5a8-59ad3b17-1afee700-28a576b8b5ea][]
[mydomain][][][][][]
[Auth][AuthReject][38][myagent][04/Sep/2017:11:37:59 +0000][myagent]
[56Yr3GKp9Ipcd8d7+OeVU1kLOGo=][cn=myuser,ou=myldap,o=com][03-0005cd09-d0fc-1829-dsd4-fd130a464057]
[myrealm][06-0007b613-4645-1834-a251-fd190a4640f7][UNKNOWN][/protected/]
[GET][myuserstore][master failover,master
failover,master failover,master
failover,master failover,master
failover,master failover,master
failover][LDAP:][][][mydomain][][][][][]
curl -H "Authorization: Basic bTk1MDAzNzoxMjNWbGllZ251b3Ah" -H "Cookie: SMCHALLENGE=YES" https://myhost.mydomain.com/protected/
This script runs 20 Authentications a minute;
Why is this happening? How can we fix this?
Cause
This issue occurs because the Policy Server tries to update a field that the Novell LDAP Server hasn't replicated completely.
Environment
Web Agent R12.52 SP1 CR01 on Apache 2.2 on RedHat 6.6 64 bit;
User Store on Novell eDir LDAP 8.8.8;
User Store on Novell eDir LDAP 8.8.8;
Resolution
Disable "Track successful logins" on the password policies to solve this issue, or tune the LDAP Server replication to cope with the load you put on the environment.
Feedback
Yes
No
Powered by
