How to Resolve CA Advanced Authentication: Timeout Fetching Users
CA Advanced Authentication is a multi-factor, risk-based authentication solution from Broadcom that conveniently extends CA Single Sign-On (formerly SiteMinder) capabilities to protect web applications.
Problem
Typically, after installing an instance of CA Advanced Authentication, you can test the implementation with the ca-strongauth-sampleapp sample application or by making your own API calls directly. In some scenarios, you may encounter a persistent Server Request Timeout error when making a Fetch User call.
Investigating the logs may reveal errors similar to those below:
01/08/20 01:37:36.157 INFO TXNNATIVE 00008988 00007019 - [UDS] Either Read Timeout occurred after [10000 ms] or connection [00000224AD610500] is closed by UDS server!
06/08/20 01:37:36.157 DEBUG TXNNATIVE 00008988 00007019 - [UDS] TRACE: CallTrace::Leaving : [UdsServiceDefaultImpl::RSPCallbacktmp op [GETUSER] context []]. time : 10002
Cause
If the user store is configured to use Active Directory and the search base is set to an OU higher up in the tree (often the case if you have multiple OUs holding user accounts in different departments), numerous LDAP referrals can occur, which can slow down processing.
Solution
CA Advanced Authentication has a property file, udserver.init, which can be configured to ignore LDAP referrals by setting the flag as follows:
LDAP_REFFERAL_IGNORE_FLAG=ignore
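To confirm the symptom before the change and its absence afterwards, the log can be scanned for UDS read timeouts and the operation that hit them. The script below is an added example, not Broadcom's or the article's own code; the line layout is inferred from the two log lines quoted under Problem, the two numeric columns are assumed to be ids shared by related lines, and the third sample line is constructed.

```python
import re

# Line layout inferred from the two log lines quoted under "Problem"; the two
# numeric columns are treated as opaque ids that tie related lines together
# (assumption).
LINE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{2}) (?P<time>[\d:.]+) +(?P<level>\w+) +\w+ +"
    r"(?P<id1>\d+) +(?P<id2>\d+) - \[UDS\] (?P<msg>.*)$"
)
TIMEOUT = re.compile(r"Read Timeout occurred after \[(\d+) ms\]")
TRACE = re.compile(r"CallTrace::Leaving : \[.*? op \[(\w+)\] context \[.*?\]\]\. time : (\d+)")

def find_uds_timeouts(lines):
    """Return one record per UDS read timeout, completed with the operation and
    elapsed time from the next CallTrace::Leaving line carrying the same ids."""
    pending, events = {}, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a UDS line in the expected layout
        key = (m["id1"], m["id2"])
        hit = TIMEOUT.search(m["msg"])
        if hit:
            event = {"when": f'{m["date"]} {m["time"]}', "limit_ms": int(hit[1]),
                     "op": None, "elapsed_ms": None}
            events.append(event)
            pending[key] = event
            continue
        trace = TRACE.search(m["msg"])
        if trace and key in pending:
            event = pending.pop(key)
            event["op"], event["elapsed_ms"] = trace[1], int(trace[2])
    return events

# The two lines from the article, followed by one constructed line that must not match.
SAMPLE = [
    "01/08/20 01:37:36.157 INFO TXNNATIVE 00008988 00007019 - [UDS] Either Read Timeout occurred after [10000 ms] or connection [00000224AD610500] is closed by UDS server!",
    "06/08/20 01:37:36.157 DEBUG TXNNATIVE 00008988 00007019 - [UDS] TRACE: CallTrace::Leaving : [UdsServiceDefaultImpl::RSPCallbacktmp op [GETUSER] context []]. time : 10002",
    "06/08/20 01:37:40.001 DEBUG TXNNATIVE 00008990 00007020 - [UDS] TRACE: CallTrace::Leaving : [UdsServiceDefaultImpl::RSPCallbacktmp op [GETUSER] context []]. time : 35",
]

if __name__ == "__main__":
    for e in find_uds_timeouts(SAMPLE):
        print(f'{e["when"]} op={e["op"]} limit={e["limit_ms"]}ms elapsed={e["elapsed_ms"]}ms')
```

Pass it the lines of the real log file in place of SAMPLE; an empty result after the change means no UDS read timeouts were logged in that file.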