My Oracle Support Banner

Weblogic SSPI Role Mapping Major Performance Issue For Not Using MEMBEROF Attribute (Doc ID 1055008.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

COREid Access - Version: to - Release: to
Information in this document applies to any platform.


There is a huge performance hits at the authentication stage while the SSPI fetches the associated group for a given authenticated user. It's observed that the groups are being fetched by browsing all of them and looking at very single one of them instead of using the "memberOf" attribut of a given user. This results in a huge performance hit.

Steps To Reproduce:
1- Deploy a resource inside a weblogic domain protected by the NetPoint (OAM) SSPI.
2- Configure a policy to protect this resource.
3- Define 900-1000 groups inside the Active Directory being used for the users / groups.
4- Access the resource using a allowed user.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.