Request Consultation
Book a Consultation

How to Resolve CA Advanced Authentication: Timeout Fetching Users

Categories:

, , ,

Harry Wong

6 Jul 2020 • 1 min read

The CA Advanced Authentication is a Multi-Factor, Risk-based Authentication solution from Broadcom that conveniently extent CA Single Sign-On (formerly Siteminder) capability to protect web applications.

Problem

Typically after installing an instance of CA Advanced Authentication, you could test the implementation with the ca-strongauth-sampleapp sample application or by making your own API calls directly. In some scenarios,  you may encounter a persistent Server Request Timeout error when making a Fetch User call.

Upon investigating the logs may reveal errors similar to that below:

01/08/20 01:37:36.157 INFO  TXNNATIVE   00008988 00007019 - [UDS] Either Read Timeout occurred after [10000 ms] or connection [00000224AD610500] is closed by UDS server!06/08/20 01:37:36.157 DEBUG TXNNATIVE   00008988 00007019 - [UDS] TRACE: CallTrace::Leaving : [UdsServiceDefaultImpl::RSPCallbacktmp op [GETUSER] context []]. time : 10002

Cause

If the user store is configured to an Active Directory and the search base is configured to use an OU higher up in the tree (often the case if you have multiple OUs holding user accounts in different departments), numerous LDAP referrals can occur which could slow down the processing.

Solution

CA Advanced Authentication has a property file udserver.init which can be configured to ignore LDAP referrals by setting the flag as follows:

LDAP_REFFERAL_IGNORE_FLAG=ignore

Disclaimer

The document and content made available by Nebulas Tree in no way conveys any right, title, interest or license in any intellectual property rights (including but not limited to patents, copyrights, trade secrets or trademarks) contained herein. Nebulas Tree reserves the right to vary the terms of the document and content in response to changes to the specifications or information made available to Nebulas Tree.

Nebulas Tree does not assume liability for any errors or omissions in the content of this document or any referenced or associated third party document, including, but not limited to, typographical errors, inaccuracies or outdated information.  This document and all information within it are provided on an “as is” basis without any warranties of any kind, express or implied.  Any communication required or permitted in terms of this document shall be valid and effective only if submitted in writing. Reliance of any information provided herein this document is solely at your own risk.