Weblogic SSPI Role Mapping Major Performance Issue For Not Using MEMBEROF Attribute (Doc ID 1055008.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

COREid Access - Version: 7.0.4.3 to 7.0.4.3 - Release: 7.0.4.3 to 7.0.4.3
Information in this document applies to any platform.

Symptoms

There is a huge performance hit at the authentication stage while the SSPI fetches the associated groups for a given authenticated user. The groups are fetched by browsing all of them and inspecting every single one, instead of using the "memberOf" attribute of the given user.

Steps To Reproduce:
1- Deploy a resource inside a weblogic domain protected by the NetPoint (OAM) SSPI.
2- Configure a policy to protect this resource.
3- Define 900-1000 groups inside the Active Directory being used for the users / groups.
4- Access the resource using an allowed user.
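
The two lookup strategies named under Symptoms, as an added example that is not Oracle's or the SSPI's code: a constructed in-memory directory counts how many entries each strategy has to read for one user at the group count from the reproduction steps. The DNs under DC=example,DC=test, the class and the function names are assumptions made for the illustration.

```python
# Added example: constructed in-memory directory, not OAM/WebLogic code.
from dataclasses import dataclass, field

@dataclass
class Directory:
    users: dict = field(default_factory=dict)    # user DN  -> {"memberOf": [group DNs]}
    groups: dict = field(default_factory=dict)   # group DN -> {"member": [user DNs]}
    entries_read: int = 0                        # entries the directory had to return

    def read(self, dn):
        """Base-scope read of a single entry."""
        self.entries_read += 1
        return self.users.get(dn) or self.groups.get(dn)

    def search_groups(self):
        """Subtree search equivalent to the filter (objectClass=group)."""
        for dn, entry in self.groups.items():
            self.entries_read += 1
            yield dn, entry

def build_directory(n_groups, user_dn, member_of_every):
    """Constructed sample data: the user belongs to every Nth group."""
    d = Directory()
    for i in range(n_groups):
        dn = f"CN=group{i:04d},OU=Groups,DC=example,DC=test"
        d.groups[dn] = {"member": [user_dn] if i % member_of_every == 0 else []}
    d.users[user_dn] = {"memberOf": [g for g, e in d.groups.items() if e["member"]]}
    return d

def groups_by_enumeration(d, user_dn):
    """Slow pattern from Symptoms: walk every group and test its members."""
    d.entries_read = 0
    found = sorted(dn for dn, e in d.search_groups() if user_dn in e["member"])
    return found, d.entries_read

def groups_by_memberof(d, user_dn):
    """Read only the user's own entry and take its memberOf values."""
    d.entries_read = 0
    found = sorted(d.read(user_dn)["memberOf"])
    return found, d.entries_read

def compare(n_groups=1000, member_of_every=100):
    """Return (same result?, groups found, entries read slow, entries read fast)."""
    user = "CN=alice,OU=Users,DC=example,DC=test"
    d = build_directory(n_groups, user, member_of_every)
    slow, slow_cost = groups_by_enumeration(d, user)
    fast, fast_cost = groups_by_memberof(d, user)
    return slow == fast, len(fast), slow_cost, fast_cost

if __name__ == "__main__":
    print(compare())
```

Both strategies return the same group list; the enumeration cost grows with the number of groups in the directory, while the memberOf read stays at one entry per authentication.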

Cause
