Symantec Access Management

Hi All,

We are configured same application which installed in 2 servers in siteminder using agent. Both login pages configured in LB.

When we hit application url then LB login page will come and from that application will open.

Now, LB login page coming very slow and sometimes not opening.

We using 12.51 version on windows 2008 R2.

anyone Please check and help us to find out reason.

Regards,

Girish 

Hi Girish,

You first have to identify which part of the transaction is tresponsible for the slowness.  If you have the flexibility to disable the web agent for a test, that would easily discern whether Siteminder is playing a role in the slowness or not. 

If you cannot disable the web agent for a test, you'll need to make sure trace logging is enabled in both the web agent and policy server.  Run the use case and then study the web agent trace log.  The web agent must pass through three phases as it processes any request: IsProtected, IsAuthenticated, and IsAuthorized.  

Presumably an unauthenticated user is requesting a protected resource, and thus the response is a login page.  Let's also assume the system has just been restarted, so nothing is in the web agent's cache.  You will see the web agent make the IsProtected call to the policy server for the requested resource.  The policy server responds from its policy store cache, so this response is typically very fast.  Now that the web agent is aware the requested resource is protected, it will make the IsAuthenticated call.  Here, the user did not present a session cookie, so there is no session to validate and thus the web agent has determined that the user is not authenticated without making a call to the policy server.  Because the user is not authenticated, the web agent does not proceed to the IsAuthorized phase and instead challenges the user for authentication based on the auth scheme that is assigned to the realm that is protecting the requested resource.  The web agent then redirects the user to the login form, and the process repeats for this newly requested resource.  

For the request for the login form, the web agent knows by configuration that the resource is not protected.  This allows the web agent to instruct the web server to serve the form for this user.  

All log entries will obviously have timestamps, so it will be easy to see how much of the total processing time is consumed by the web agent.

There is a SIteminder trace log analysis tool available for download (it can be used on web agent or policy server trace logs).  Info and downloads can be found here (use the View Attached link at the top to access the download):
https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?MessageKey=08008f22-0cbb-433d-916a-2dc4b1048062&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295&tab=digestviewer#bm08008f22-0cbb-433d-916a-2dc4b1048062

You are likely aware, but I must mention that you are running extremely old software that has been out of support for many years.  While functionally this will be fine, from a security standpoint it is a big risk since Broadcom no longer tests for or tracks vulnerabilities that may apply to older, unsupported releases.  The latest release of the web agent is 12.8 and the policy server is at 12.9.  Also be aware that Broadcom drops support for third party components such as OS releases when the third-party vendor drops mainstream support for those components.

Regards,
Pete

Hi All,

We are configured same application which installed in 2 servers in siteminder using agent. Both login pages configured in LB.

When we hit application url then LB login page will come and from that application will open.

Now, LB login page coming very slow and sometimes not opening.

We using 12.51 version on windows 2008 R2.

anyone Please check and help us to find out reason.

Regards,

Girish