Thursday, October 19, 2006

 

Anonymous Authentication Resources SLOW

Problem Oracle Access Manager (formerly COREid) is extremely slow or does not serve content from servers protected by the Anonymous Authentication Scheme (formerly Netpoint None). This can include FAQ pages, login pages, images, style sheets, etc.

Background The Anonymous Authentication scheme is used in cases where the WebGate has its DenyOnNotProtected property set to TRUE. The anonymous authentication scheme maps the OblixAnonymous user in the credential_mapping plugin. By default this is mapped to the uid attribute. The uid attribute is indexed by default in some directory servers but not in AD/AM. In AD/AM the attribute is added as part of the iNetOrgPerson schema extension and is not indexed.

Solution If you are having a problem similar to this one, check whether the Anonymous Authentication scheme is using the uid attribute in the credential_mapping plugin. If it is, check whether the attribute is indexed in the directory server (if using AD/AM it will not be indexed by default). If it is not indexed, there are a couple of options:

  1. index the attribute in the directory (may be harder on some directory platforms than others; very easy on AD/AM)

  2. change the attribute in the Anonymous Authentication Scheme's credential mapping step to an attribute that IS already indexed
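The check described above can be scripted. The following is an added example, not code from the original post or from Oracle: it extracts the attributes an LDAP filter tests and flags those whose AD/ADAM `searchFlags` value lacks the index bit (0x1). The filter form `(uid=OblixAnonymous)` and the schema snapshot are assumptions constructed for illustration.

```python
import re

# AD/ADAM attributeSchema objects carry a searchFlags bit field; bit 0x1 means "indexed".
SEARCH_FLAG_INDEXED = 0x1

# Constructed schema snapshot (lDAPDisplayName -> searchFlags), standing in for an
# export of the directory's attributeSchema objects. Values are illustrative only.
SAMPLE_SCHEMA = {"uid": 0, "cn": 1}

# Matches the attribute name at the start of each filter item: (attr=, (attr>=, (attr~= ...
ITEM_RE = re.compile(r"\(\s*([A-Za-z][\w;-]*)\s*[~<>]?=")


def filter_attributes(ldap_filter):
    """Return the attribute names tested by an LDAP filter, in order, de-duplicated."""
    seen = []
    for name in ITEM_RE.findall(ldap_filter):
        if name.lower() not in [s.lower() for s in seen]:
            seen.append(name)
    return seen


def unindexed_attributes(ldap_filter, schema):
    """Return filter attributes that are not indexed (or are absent from the schema)."""
    by_lower = {k.lower(): v for k, v in schema.items()}
    result = []
    for attr in filter_attributes(ldap_filter):
        flags = by_lower.get(attr.lower())
        if flags is None or not (flags & SEARCH_FLAG_INDEXED):
            result.append(attr)
    return result


if __name__ == "__main__":
    # Assumed form of the filter the anonymous scheme's credential mapping step issues.
    for f in ("(uid=OblixAnonymous)", "(cn=OblixAnonymous)"):
        bad = unindexed_attributes(f, SAMPLE_SCHEMA)
        print(f, "->", "unindexed: " + ", ".join(bad) if bad else "all attributes indexed")
```

An attribute missing from the snapshot is reported as unindexed, so an incomplete schema export fails closed rather than hiding the problem.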



Potential Cause How did this problem occur? It seemed to just appear overnight. The likely cause of this problem is an increase in the amount of data in the user directory server. With more data, a search on an unindexed attribute will yield incorrect or incomplete results more frequently than with less data in the directory. This is because the look-through limit the directory imposes on the searching user may be exhausted before the entry (or entries) is located.

Comments:
If denyonnotprotected is set to false then there is no reason for anonymous schemes to be used. Don't you mean

"The Anonymous Authentication scheme is used in cases where the WebGate has its DenyOnNotProtected property set to true."?
 
Indeed. Thanks. It's fixed.
 