PQ58739: LTPA performance issue - Searches are done twice instead of once
Downloadable files
Abstract
PQ58739: LTPA performance issue - Searches are done twice instead of once.
Download Description
PQ58739 resolves the following problem:
ERROR DESCRIPTION:
WebSphereŽ Application Server security performs MapCredentials immediately followed by Validate when a user makes the first request. Both of these calls end up authenticating the same user twice. In particular, the call to getGroupsForUser takes several seconds on each of the two occasions. If we could take away one of these seemingly redundant calls (the one made during Validate), this would significantly improve performance.
LOCAL FIX:
The following efix has been created for the problem:
ltp-cred-cache-354.jar
USERS AFFECTED:
WebSphere Application Server users of LTPA authentication with custom login.
PROBLEM DESCRIPTION:
Performance improvement for LTPA authentication with custom login or Form login
RECOMMENDATION:
Apply this efix to improve performance for LTPA authentication.
This is a performance improvement efix. In this efix, credential cache techniques are used to reduce the number of LTPA server calls. For custom Form login with LTPA authentication, the number of LDAP searches are reduced by half.
PROBLEM CONCLUSION:
Unnecessary LDAP searches may cause performance problems.
When using LTPA authentication and custom login form login, the credential was unnecessarily created twice, which resulted in some extra LDAP searches. This fix reduces those unnecessary LDAP searches, improving performance.
Prerequisites
WebSphere Application Server V3.5.4, V3.5.5 or V3.5.6
Installation instructions
Copy PQ58739-3.5.4-3.5.5-3.5.6.jar to a directory, and add PQ58739-3.5.4-3.5.5-3.5.6.jar to the
beginning of WebSphere Application Server's classpath in the admin.config file.
Please view the readme file for further instructions.