Anonymous Authentication Resources SLOW


Dave Bennett 19/10/2006

Problem

Oracle Access Manager (formerly COREid) is extremely slow or does not serve content from servers protected by the Anonymous Authentication Scheme (formerly Netpoint None). This can include FAQ pages, login pages, images, style sheets, etc.

Background

The Anonymous Authentication scheme is used in cases where the WebGate has its DenyOnNotProtected property set to TRUE. The anonymous authentication scheme maps the OblixAnonymous user int eh credential_mappingplugin. By default this is mapped to the uid attribute. The uid attribute is indexed by default in some directory servers but not in AD/AM. In AD/AM the attribute is added as part of the iNetOrgPerson schema extension and is not indexed.

Solution

If you are having a problem similar to this one, check to see if the Anonymous Authentication scheme is using the uid attribute in teh credential_mapping plugin. If it is then check to see if the attribute is indexed in the directory server (if using AD/AM it will not be indexed by default). If it is not indexed then there are a couple of options:

  1. index the attribute in the directory (may be harder on some directory platforms than others; very easy on AD/AM)
  2. change the attribute in the Anonymous Authentication Scheme’s credential mapping step to an attribute that IS already indexed

Potential Cause

How did this problem occur? It seemed to just appear over night. The likely cause of this problem is an increase in the amount of data in the user directory server. More data will cause a search on an unindexed attribute to yield incorrect incomplete results more frequently than if there is less data in the directory. This is because the look thur limit the directory imposes on the searching user may be exhausted before the entry (or entries) is located.

No Results