APAR status |
Closed as program error.
| Error description
When trust association is enabled on a 3.5.x system, there are
performance problems with authorization since it seems the
credentials are recreated, re-mapped, and re-validated for every
request from the same user (instead of going through this just
for the first request). Federal Reserve is reporting that they
see a 15-20 second response for every request. Local fix
A temporary fix has been sent to the customer to test. This fix
requires customer to enable SSO and we then use the LtpaToken
cookie to communicate with the client and bypass the path taken
for credential validation by the trust association code. Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users *
* using Trust Association. *
****************************************************************
* PROBLEM DESCRIPTION: Potential performance issues for web *
* based (browser) clients if Trust *
* Association is configured and LDAP *
* response times are excessively long. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
If Trust Association is configured, the WebSphere credential
caches were not being used to cache users credentials. As a
result, LDAP was called for each user request. Problem conclusion
The concentration of this APAR was to provide a mechanism for
properly caching user credentials. By applying this APAR
performance will not improve for the initial web request,
however, each subsequent request will be substantially
improved unless one of the following two conditions occurs.
.
1. The users credentials have expired from the cache as the
user has not made a request within the security cache timeout
setting.
2. The users LTPA Token has expired. Temporary fix
There is an efix available for this issue. Comments
APAR information | APAR number | PQ53051 | Reported component name | WAS ADVANCED SU | Reported component ID | 5648C8402 | Reported release | 350 | Status | CLOSED PER | PE | NoPE | HIPER | NoHIPER | Submitted date | 2001-10-03 | Closed date | 2001-10-29 | Last modified date | 2001-12-17 |
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:APAR is sysrouted FROM one or more of the following:
Modules/Macros APAR is sysrouted TO one or more of the following:Modules/Macros
|
Fix information |
Fixed component name | WAS ADVANCED SU | Fixed component ID | 5648C8402 |
Applicable component levels | R350 PSY | UP |
|