TokenAuthenticationManager.authenticateUser took long time

We see, that it took over 6 seconds to login into Jira, Confluence and crowd. The problems seems to be crowd.

Interesting is this: [6414ms] - TokenAuthenticationManager.authenticateUser()

 

We found in the log file:

 

2015-03-04 11:20:49,227 http-bio-8095-exec-15 DEBUG [crowd.dao.user.UserDAOHibernate] Saving or updating object: com.atlassian.crowd.model.user.InternalUserAttribute@11115b01[directory=com.atlassian.crowd.model.directory.DirectoryImpl_$$_jvstd6c_0@4178618[lowerName=domain activedirectory,description=,type=CONNECTOR,implementationClass=com.atlassian.crowd.directory.MicrosoftActiveDirectory,allowedOperations=[UPDATE_GROUP, DELETE_USER, CREATE_GROUP, CREATE_USER, DELETE_GROUP, UPDATE_USER],attributes={ldap.basedn=DC=domain,DC=de, ldap.user.filter=(&(objectClass=user)(memberOF=CN=s-g-crowd-users,CN=Users,DC=domain,DC=de)), ldap.user.username=sAMAccountName, ldap.usermembership.use=false, com.atlassian.crowd.directory.sync.lastdurationms=28762, ldap.role.objectclass=group, ldap.group.usernames=member, ldap.pagedresults.size=999, ldap.read.timeout=120000, ldap.connection.timeout=10000, ldap.group.filter=(objectCategory=Group), ldap.userdn=administrator@domain.de, ldap.external.id=objectGUID, ldap.roles.disabled=true, ldap.url=ldaps://dc2.domain.de, ldap.pagedresults=true, ldap.user.password=unicodePwd, ldap.user.lastname=sn, ldap.group.name=cn, ldap.role.dn=, ldap.referral=true, com.atlassian.crowd.directory.sync.issynchronising=false, ldap.group.dn=Cn=Users, ldap.relaxed.dn.standardisation=true, ldap.user.firstname=givenName, ldap.password=********, ldap.role.description=description, com.atlassian.crowd.directory.sync.cache.enabled=true, autoAddGroups=OpenID-Benutzer, crowd.sync.incremental.enabled=true, ldap.role.name=cn, ldap.usermembership.use.for.groups=true, ldap.user.objectclass=user, directory.cache.synchronise.interval=3600, ldap.nestedgroups.disabled=false, ldap.secure=true, ldap.user.username.rdn=cn, ldap.user.displayname=displayName, com.atlassian.crowd.directory.sync.laststartsynctime=1425464364925, ldap.user.email=mail, ldap.user.group=memberOf, localUserStatusEnabled=false, ldap.local.groups=false, ldap.group.description=description, ldap.role.filter=(objectclass=group), ldap.user.dn=Cn=Users, ldap.activedirectory.use_primary_groups=false, ldap.group.objectclass=group, ldap.role.usernames=member, ldap.search.timelimit=60000}],user=com.atlassian.crowd.model.user.InternalUser@4f30c848[id=524347,name=TestUser,createdDate=2012-01-13 11:05:05.036,updatedDate=Wed Mar 04 11:20:43 CET 2015,active=true,emailAddress=tu@domain.tld,firstName=Test,lastName=User,displayName=Test User,credential=com.atlassian.crowd.embedded.api.PasswordCredential@5fd467cd[credential=nopass,encryptedCredential=true],lowerName=TestUser,lowerEmailAddress=tu@domain.tld,lowerFirstName=Test,lowerLastName=User,lowerDisplayName=Test User,directoryId=491521,externalId=39a43facbdc50645bc391766b59b4a7a]]
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] User <TestUser> has access to the application <crowd>
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] generateUserToken: user TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 10.28.4.125
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 10.28.4.125
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding Random-Number of ValidationFactor[Random-Number=982085500436642489]
2015-03-04 11:20:49,241 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Saving and returning newly created token
2015-03-04 11:20:49,243 http-bio-8095-exec-15 DEBUG [crowd.manager.application.ApplicationServiceGeneric] Storing user attributes for user <TestUser> and application <crowd>
2015-03-04 11:20:49,250 http-bio-8095-exec-15 DEBUG [crowd.manager.permission.PermissionManagerImpl] Directory domain ActiveDirectory : Permission UPDATE_USER_ATTRIBUTE has been denied
2015-03-04 11:20:49,251 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Unable to update last active for user 'TestUser' as there are insufficient permissions to write for application 'crowd'
2015-03-04 11:20:49,252 http-bio-8095-exec-15 DEBUG [atlassian.util.profiling.UtilTimerStack] [6418ms] - SecurityServer.authenticatePrincipal()
[4ms] - SOAPService.validateSOAPService()
[0ms] - CrowdLicenseManager.isLicenseValid()
[0ms] - PropertyManager.getCurrentLicenseResourceTotal()
[1ms] - TokenAuthenticationManager.validateApplicationToken()
[0ms] - SessionTokenStorage.findByRandomHash()
[0ms] - PropertyManager.getSessionTime()
[0ms] - PropertyManager.getSessionTime()
[0ms] - PropertyManager.isIncludeIpAddressInValidationFactors()
[1ms] - SessionTokenStorage.update()
[0ms] - PropertyManager.isCacheEnabled()
[6414ms] - TokenAuthenticationManager.authenticateUser()
[1ms] - AliasManager.findUsernameByAlias()
[6390ms] - ApplicationService.authenticateUser()
[10ms] - ApplicationService.isUserAuthorised()
[0ms] - PropertyManager.isIncludeIpAddressInValidationFactors()
[1ms] - SessionTokenStorage.findByIdentifierHash()
[0ms] - SessionTokenStorage.add()
[8ms] - ApplicationService.storeUserAttributes()
[0ms] - PermissionManager.hasPermission()
[0ms] - AliasManager.findAliasByUsername()

1 answer

Hi Tobias,

May I know which version of Crowd you are using? It is possible that you are currently encountering a known bug as we realise that you are connected to your LDAP server through SSL.

https://jira.atlassian.com/browse/CWD-4070

For troubleshooting purposes, you might want to try to disable the SSL connection and see if the condition improve. Hope it helps.

Cheers,
Septa Cahyadiputra 

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Feb 27, 2018 in Crowd

The Crowd team is looking for feedback on Server & Data Center customers' identity strategies!

Do you own more than one Server or Data Center product? Do you have challenges provisioning users across your Atlassian products? Are you spending a lot of time integrating each Atlassian product wit...

1,209 views 6 14
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you