Layer 7 Access Management

Tech Tip : CA Single Sign-On : When putting load on our environment, Policy Server reports randomly authreason 38

  • 1.  Tech Tip : CA Single Sign-On : When putting load on our environment, Policy Server reports randomly authreason 38

    Posted 04-06-2018 10:03 AM

    Issue:


    We run Web Agent, and when the same user login within the same second, the first tentative fails as the second with the same credentials succeeds :

    [Az][AzAccept][][myagent][04/Sep/2017:11:37:59 +0000][myagent]
    [3+YR9IwUQAQ1gs5142aIiBm/fZk=][cn=myuser,ou=myldap,o=com][03-0005cd09-d0fc-1829-dsd4-fd130a464057]
    [myrealm][06-0007b613-4645-1834-a251-fd190a4640f7][UNKNOWN][/protected/]
    [GET][][][][0000000000000000000000008c8415ab-c5a8-59ad3b17-1afee700-28a576b8b5ea][]
    [mydomain][][][][][]

    [Auth][AuthReject][38][myagent][04/Sep/2017:11:37:59 +0000][myagent]
    [56Yr3GKp9Ipcd8d7+OeVU1kLOGo=][cn=myuser,ou=myldap,o=com][03-0005cd09-d0fc-1829-dsd4-fd130a464057]
    [myrealm][06-0007b613-4645-1834-a251-fd190a4640f7][UNKNOWN][/protected/]
    [GET][myuserstore][master failover,master
    failover,master failover,master
    failover,master failover,master
    failover,master failover,master
    failover][LDAP:][][][mydomain][][][][][]

    curl -H "Authorization: Basic bTk1MDAzNzoxMjNWbGllZ251b3Ah" -H "Cookie: SMCHALLENGE=YES" https://myhost.mydomain.com/protected/

    This script runs 20 Authentications a minute;

    Why is this happening? How can we fix this?

    Environment:

     

    Web Agent R12.52 SP1 CR01 on Apache 2.2 on RedHat 6.6 64 bit;
    User Store on Novell eDir LDAP 8.8.8;

    Cause:

     

    This issue occurs because the Policy Server tries to update a field that the Novell LDAP Server hasn't replicated completely.

    Resolution:

     

    Disable "Track successful logins" on the password policies to solve this issue, or tune the LDAP Server replication to cope with the load you put on the environment.

    KB : kb000075010