Slow performance with Advanced Authentication

  • Document ID:7024097
  • Creation Date:29-Aug-2019
  • Modified Date:05-Sep-2019
    • Micro Focus Products:
      Advanced Authentication

Environment

Advanced Authentication
Advanced Auth 6.2

Situation

Slow performance with Advanced Authentication
Authentication is slower with Advanced Authentication

Resolution

Slow performance in Advanced Authentication is most commonly caused by one or more of the following:
Low bandwidth or network connectivity problems
REPO performance issues
AAF server performance issues
Third party problems 

For bandwidth or network connectivity problems try one or more of  the following:
- Enable HTTP compression   from the Admin page, under Policies, HTTPS options

- Enforce Cached Login     add the following to  config.properties on the workstations:

forceCachedLogon: true

The full path is \ProgramData\NEtIQ\Windows Client\config.properties. Create the file if it is not present.  Requires restarting Windows. 

For Repo performance issues try one or more of the following:

- Enable Paged Search  --  From the Admin page, select the repository, Edit, Advanced Settings.  By default this is on.  Try toggling this on and off and see which works best.

- Enable Nested Groups support -- From the Admin page, select the repository, Edit, Advanced Settings.  By default this is on.  Try turning it off. Try toggling this on and off and see which works best.

- Enable Cached logon -- From the Admin page, Edit the LDAP Password method.  Make sure "Enable Cached logon" is set to ON.  If off, AAF always contacts the LDAP server to verify the LDAP password.  If on, AAF uses the cached LDAP password.

- LDAP Caching --> From the Admin page, policies, Login options. Off by default, try changing to ON.  When on, Advanced Authenticaiton stores LDAP information on the AA server  (e.g. password expiry, disabled account, etc.

To see if the problem is with the Advanced Authentication server, check the following:
- Check AAF server web portals, are they responsive? 
- Check hardware activity
              Sort the output by CPU:
              ps aux --sort pcpu

              Examine RAM and swap usage:                  
              free 

For third party issues consider the technical workflow of the authentication requests.  Does the auth request go to a load balancer or network filter?  What chains are used? Are other chains faster?  


Additional Information

It is also important to understanding the environment, e.g. is Advanced Authentication in a cluster or not, what is the repo type, what versions of AAF Server/Client are running, and how much memory is allocated for AAF Server?

Log files from server and workstation may be helpful.