Idea Details

SiteMinder connection timeout to Audit DB

Last activity 06-13-2019 10:13 AM
TC Ip
03-22-2015 11:08 PM

We encountered an issue: when the audit database is performing DB re-indexing, or the DB is somehow busy and not responding, all SiteMinder threads hang and SSO is out of service.

SiteMinder should implement an ODBC timeout mechanism to drop the connection if it has been waiting too long for the DB. Although it has been said that audit data is important and that we need to wait for the DB to commit the insertion, can we implement a timeout mechanism so that, once the DB does not respond, the error and the insert statement are written to smps.log, such that the administrator can follow up on the failed record?


Comments

10-16-2017 02:27 AM

Hi,

 

We have a similar scenario at our end, wherein there are a lot of inactive sessions present between the policy server and the Oracle DB. We are trying to find configurations in the policy server to close these inactive sessions.

       SID    SERIAL# USERNAME   OSUSER          MACHINE                             STATUS   TO_CHAR(LOGON_TIME,
---------- ---------- ---------- --------------- ----------------------------------- -------- -------------------
        38      13745 PIS_APP    xxxxxxxx        sessiuwsp00004                      INACTIVE 31/08/2017-06:08:16
       169       7865 PIS_APP    xxxxxxxx        sesbiuwsp00001                      INACTIVE 31/08/2017-06:08:21
       134      18457 PIS_APP    xxxxxxxx        sesbiuwsp00002                      INACTIVE 02/09/2017-06:09:26
       180      19417 PIS_APP    xxxxxxxx        sesbiuwsp00002                      INACTIVE 02/09/2017-06:09:26
       229      45227 PIS_APP    xxxxxxxx        sesbiuwsp00001                      INACTIVE 02/09/2017-06:09:27

 

We checked the sm.registry file, and below are the values present for the parameters mentioned:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database=31051
ConnectionHangwaitTime=    0x46;    REG_DWORD
ConnectionTimeout=         0x41;    REG_DWORD
LoginTimeout=              0xf;     REG_DWORD
QueryTimeout=              0x1e;    REG_DWORD

 

Can you please check and suggest any other way of closing these inactive sessions?

 

Regards,

Pankaj Sharma

12-12-2016 05:49 PM

Thank you for your contribution of an enhancement idea to the CA Community. CA is continually working to improve its software and services to best meet the needs of its customers. Your input is vital to that effort. The CA Single Sign-On Product Management team has reviewed your suggested enhancement. Based on current roadmap priorities and/or the limited amount of community support for this idea over the last year (please see this document describing how we are reviewing ideas: https://communities.ca.com/docs/DOC-231170123), we are not accepting this idea into the product backlog. Therefore, it is being moved to a “Not Planned” status.  

04-18-2015 10:21 AM

Hi Herbert,

 

Yes, that's exactly what we want. Thanks

 

TC

04-17-2015 06:45 PM

Hi TC,  Pls. confirm that you are asking for the following:

 

- implement an "error" entry in smps.log for a timeout event when the DB does not respond during an audit transaction

- also ensure that if db does not respond that SSO does not hang/go out of service.

 

Will also check to see if there are any settings in the DataDirect driver that can help here.

03-23-2015 10:05 PM

Hi Ujwol,

 

Actually, we have checked with support (#00028687), and they said there is no such configuration and asked us to file an enhancement request. Thus I am not sure the settings you mention can apply in our case.

 

TC

03-23-2015 08:54 PM

Hi Tc,

 

We already have many configurable timeout options for ODBC & Policy server connections.

Have you tried playing around with the following:

 

Reference : https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052%20SP1-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?360332.html?zoom_highlightsub=database%2Btimeout

 

The parameters listed below control timeouts for the connection between an ODBC database and the Policy Server in various situations. The key on Windows and UNIX is available at the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Database

"LoginTimeout"

The time that is allowed to connect to the database.

"QueryTimeout"

Allows 30 seconds for the query to complete. When the query does not complete within this time, a cancel request is sent to the database. For an ODBC user directory, the query timeout is overridden with the user directory object Searchtimeout. You set this value using XPSExplorer.

"ConnectionHangWaitTime"

The number of seconds before the Policy Server marks a connection as hung. This value must be larger than twice the value of QueryTimeout or SearchTimeout.

"ConnectionTimeout"

The maximum wait time on a connection. In cases where the query timeout or the login timeout apply, those values override the ConnectionTimeout.
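
An added example, not part of any post in this thread and not CA's code: a small Python check that decodes the hex REG_DWORD values in the sm.registry layout quoted in the 2017 comment and applies the rule quoted above, that ConnectionHangWaitTime must be larger than twice QueryTimeout or SearchTimeout. The function names and the optional `search_timeout` argument are assumptions made for the illustration.

```python
import re

# Values as posted in the thread (sm.registry layout), embedded for an offline run.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Netegrity\SiteMinder\CurrentVersion\Database=31051
ConnectionHangwaitTime=    0x46;    REG_DWORD
ConnectionTimeout=         0x41;    REG_DWORD
LoginTimeout=              0xf;     REG_DWORD
QueryTimeout=              0x1e;    REG_DWORD
"""

# Matches "Name=  0xNN;  REG_DWORD"; the key header line does not match.
DWORD_LINE = re.compile(r"^\s*(\w+)=\s*(0x[0-9a-fA-F]+);\s*REG_DWORD\s*$")
REQUIRED = ("logintimeout", "querytimeout",
            "connectionhangwaittime", "connectiontimeout")


def parse_dwords(text):
    """Return {lowercased name: seconds} for every REG_DWORD line.

    Names are lowercased because the thread shows both
    ConnectionHangwaitTime and ConnectionHangWaitTime.
    """
    values = {}
    for line in text.splitlines():
        match = DWORD_LINE.match(line)
        if match:
            values[match.group(1).lower()] = int(match.group(2), 16)
    return values


def check_timeouts(values, search_timeout=None):
    """Return a list of findings; an empty list means the rule holds."""
    findings = [f"{name}: not set" for name in REQUIRED if name not in values]
    hang = values.get("connectionhangwaittime")
    limits = {"QueryTimeout": values.get("querytimeout"),
              "SearchTimeout": search_timeout}
    for label, limit in limits.items():
        if hang is not None and limit is not None and hang <= 2 * limit:
            findings.append(
                f"ConnectionHangWaitTime ({hang}s) must be larger than "
                f"twice {label} ({limit}s)")
    return findings


if __name__ == "__main__":
    parsed = parse_dwords(SAMPLE)
    print(parsed)
    print(check_timeouts(parsed) or "hang-wait rule satisfied")
```

With the posted values the hang wait is 70 seconds against a 30 second query timeout, so the rule holds; a user directory SearchTimeout of 35 seconds or more would break it.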