TokenAuthenticationManager.authenticateUser took long time

Tobias Matthaeus March 3, 2015

We see, that it took over 6 seconds to login into Jira, Confluence and crowd. The problems seems to be crowd.

Interesting is this: [6414ms] - TokenAuthenticationManager.authenticateUser()

 

We found in the log file:

 

2015-03-04 11:20:49,227 http-bio-8095-exec-15 DEBUG [crowd.dao.user.UserDAOHibernate] Saving or updating object: com.atlassian.crowd.model.user.InternalUserAttribute@11115b01[directory=com.atlassian.crowd.model.directory.DirectoryImpl_$$_jvstd6c_0@4178618[lowerName=domain activedirectory,description=,type=CONNECTOR,implementationClass=com.atlassian.crowd.directory.MicrosoftActiveDirectory,allowedOperations=[UPDATE_GROUP, DELETE_USER, CREATE_GROUP, CREATE_USER, DELETE_GROUP, UPDATE_USER],attributes={ldap.basedn=DC=domain,DC=de, ldap.user.filter=(&(objectClass=user)(memberOF=CN=s-g-crowd-users,CN=Users,DC=domain,DC=de)), ldap.user.username=sAMAccountName, ldap.usermembership.use=false, com.atlassian.crowd.directory.sync.lastdurationms=28762, ldap.role.objectclass=group, ldap.group.usernames=member, ldap.pagedresults.size=999, ldap.read.timeout=120000, ldap.connection.timeout=10000, ldap.group.filter=(objectCategory=Group), ldap.userdn=administrator@domain.de, ldap.external.id=objectGUID, ldap.roles.disabled=true, ldap.url=ldaps://dc2.domain.de, ldap.pagedresults=true, ldap.user.password=unicodePwd, ldap.user.lastname=sn, ldap.group.name=cn, ldap.role.dn=, ldap.referral=true, com.atlassian.crowd.directory.sync.issynchronising=false, ldap.group.dn=Cn=Users, ldap.relaxed.dn.standardisation=true, ldap.user.firstname=givenName, ldap.password=********, ldap.role.description=description, com.atlassian.crowd.directory.sync.cache.enabled=true, autoAddGroups=OpenID-Benutzer, crowd.sync.incremental.enabled=true, ldap.role.name=cn, ldap.usermembership.use.for.groups=true, ldap.user.objectclass=user, directory.cache.synchronise.interval=3600, ldap.nestedgroups.disabled=false, ldap.secure=true, ldap.user.username.rdn=cn, ldap.user.displayname=displayName, com.atlassian.crowd.directory.sync.laststartsynctime=1425464364925, ldap.user.email=mail, ldap.user.group=memberOf, localUserStatusEnabled=false, ldap.local.groups=false, ldap.group.description=description, ldap.role.filter=(objectclass=group), ldap.user.dn=Cn=Users, ldap.activedirectory.use_primary_groups=false, ldap.group.objectclass=group, ldap.role.usernames=member, ldap.search.timelimit=60000}],user=com.atlassian.crowd.model.user.InternalUser@4f30c848[id=524347,name=TestUser,createdDate=2012-01-13 11:05:05.036,updatedDate=Wed Mar 04 11:20:43 CET 2015,active=true,emailAddress=tu@domain.tld,firstName=Test,lastName=User,displayName=Test User,credential=com.atlassian.crowd.embedded.api.PasswordCredential@5fd467cd[credential=nopass,encryptedCredential=true],lowerName=TestUser,lowerEmailAddress=tu@domain.tld,lowerFirstName=Test,lowerLastName=User,lowerDisplayName=Test User,directoryId=491521,externalId=39a43facbdc50645bc391766b59b4a7a]]
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] User <TestUser> has access to the application <crowd>
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] generateUserToken: user TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 10.28.4.125
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 10.28.4.125
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding Random-Number of ValidationFactor[Random-Number=982085500436642489]
2015-03-04 11:20:49,241 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Saving and returning newly created token
2015-03-04 11:20:49,243 http-bio-8095-exec-15 DEBUG [crowd.manager.application.ApplicationServiceGeneric] Storing user attributes for user <TestUser> and application <crowd>
2015-03-04 11:20:49,250 http-bio-8095-exec-15 DEBUG [crowd.manager.permission.PermissionManagerImpl] Directory domain ActiveDirectory : Permission UPDATE_USER_ATTRIBUTE has been denied
2015-03-04 11:20:49,251 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Unable to update last active for user 'TestUser' as there are insufficient permissions to write for application 'crowd'
2015-03-04 11:20:49,252 http-bio-8095-exec-15 DEBUG [atlassian.util.profiling.UtilTimerStack] [6418ms] - SecurityServer.authenticatePrincipal()
[4ms] - SOAPService.validateSOAPService()
[0ms] - CrowdLicenseManager.isLicenseValid()
[0ms] - PropertyManager.getCurrentLicenseResourceTotal()
[1ms] - TokenAuthenticationManager.validateApplicationToken()
[0ms] - SessionTokenStorage.findByRandomHash()
[0ms] - PropertyManager.getSessionTime()
[0ms] - PropertyManager.getSessionTime()
[0ms] - PropertyManager.isIncludeIpAddressInValidationFactors()
[1ms] - SessionTokenStorage.update()
[0ms] - PropertyManager.isCacheEnabled()
[6414ms] - TokenAuthenticationManager.authenticateUser()
[1ms] - AliasManager.findUsernameByAlias()
[6390ms] - ApplicationService.authenticateUser()
[10ms] - ApplicationService.isUserAuthorised()
[0ms] - PropertyManager.isIncludeIpAddressInValidationFactors()
[1ms] - SessionTokenStorage.findByIdentifierHash()
[0ms] - SessionTokenStorage.add()
[8ms] - ApplicationService.storeUserAttributes()
[0ms] - PermissionManager.hasPermission()
[0ms] - AliasManager.findAliasByUsername()

1 answer

1 vote
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 12, 2015

Hi Tobias,

May I know which version of Crowd you are using? It is possible that you are currently encountering a known bug as we realise that you are connected to your LDAP server through SSL.

https://jira.atlassian.com/browse/CWD-4070

For troubleshooting purposes, you might want to try to disable the SSL connection and see if the condition improve. Hope it helps.

Cheers,
Septa Cahyadiputra 

Sorin Sbarnea (Citrix)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 20, 2015

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events