We see, that it took over 6 seconds to login into Jira, Confluence and crowd. The problems seems to be crowd.
Interesting is this: [6414ms] - TokenAuthenticationManager.authenticateUser()
We found in the log file:
2015-03-04 11:20:49,227 http-bio-8095-exec-15 DEBUG [crowd.dao.user.UserDAOHibernate] Saving or updating object: com.atlassian.crowd.model.user.InternalUserAttribute@11115b01[directory=com.atlassian.crowd.model.directory.DirectoryImpl_$$_jvstd6c_0@4178618[lowerName=domain activedirectory,description=,type=CONNECTOR,implementationClass=com.atlassian.crowd.directory.MicrosoftActiveDirectory,allowedOperations=[UPDATE_GROUP, DELETE_USER, CREATE_GROUP, CREATE_USER, DELETE_GROUP, UPDATE_USER],attributes={ldap.basedn=DC=domain,DC=de, ldap.user.filter=(&(objectClass=user)(memberOF=CN=s-g-crowd-users,CN=Users,DC=domain,DC=de)), ldap.user.username=sAMAccountName, ldap.usermembership.use=false, com.atlassian.crowd.directory.sync.lastdurationms=28762, ldap.role.objectclass=group, ldap.group.usernames=member, ldap.pagedresults.size=999, ldap.read.timeout=120000, ldap.connection.timeout=10000, ldap.group.filter=(objectCategory=Group), ldap.userdn=administrator@domain.de, ldap.external.id=objectGUID, ldap.roles.disabled=true, ldap.url=ldaps://dc2.domain.de, ldap.pagedresults=true, ldap.user.password=unicodePwd, ldap.user.lastname=sn, ldap.group.name=cn, ldap.role.dn=, ldap.referral=true, com.atlassian.crowd.directory.sync.issynchronising=false, ldap.group.dn=Cn=Users, ldap.relaxed.dn.standardisation=true, ldap.user.firstname=givenName, ldap.password=********, ldap.role.description=description, com.atlassian.crowd.directory.sync.cache.enabled=true, autoAddGroups=OpenID-Benutzer, crowd.sync.incremental.enabled=true, ldap.role.name=cn, ldap.usermembership.use.for.groups=true, ldap.user.objectclass=user, directory.cache.synchronise.interval=3600, ldap.nestedgroups.disabled=false, ldap.secure=true, ldap.user.username.rdn=cn, ldap.user.displayname=displayName, com.atlassian.crowd.directory.sync.laststartsynctime=1425464364925, ldap.user.email=mail, ldap.user.group=memberOf, localUserStatusEnabled=false, ldap.local.groups=false, ldap.group.description=description, ldap.role.filter=(objectclass=group), ldap.user.dn=Cn=Users, ldap.activedirectory.use_primary_groups=false, ldap.group.objectclass=group, ldap.role.usernames=member, ldap.search.timelimit=60000}],user=com.atlassian.crowd.model.user.InternalUser@4f30c848[id=524347,name=TestUser,createdDate=2012-01-13 11:05:05.036,updatedDate=Wed Mar 04 11:20:43 CET 2015,active=true,emailAddress=tu@domain.tld,firstName=Test,lastName=User,displayName=Test User,credential=com.atlassian.crowd.embedded.api.PasswordCredential@5fd467cd[credential=nopass,encryptedCredential=true],lowerName=TestUser,lowerEmailAddress=tu@domain.tld,lowerFirstName=Test,lowerLastName=User,lowerDisplayName=Test User,directoryId=491521,externalId=39a43facbdc50645bc391766b59b4a7a]]
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] User <TestUser> has access to the application <crowd>
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] generateUserToken: user TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 10.28.4.125
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 10.28.4.125
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding Random-Number of ValidationFactor[Random-Number=982085500436642489]
2015-03-04 11:20:49,241 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Saving and returning newly created token
2015-03-04 11:20:49,243 http-bio-8095-exec-15 DEBUG [crowd.manager.application.ApplicationServiceGeneric] Storing user attributes for user <TestUser> and application <crowd>
2015-03-04 11:20:49,250 http-bio-8095-exec-15 DEBUG [crowd.manager.permission.PermissionManagerImpl] Directory domain ActiveDirectory : Permission UPDATE_USER_ATTRIBUTE has been denied
2015-03-04 11:20:49,251 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Unable to update last active for user 'TestUser' as there are insufficient permissions to write for application 'crowd'
2015-03-04 11:20:49,252 http-bio-8095-exec-15 DEBUG [atlassian.util.profiling.UtilTimerStack] [6418ms] - SecurityServer.authenticatePrincipal()
[4ms] - SOAPService.validateSOAPService()
[0ms] - CrowdLicenseManager.isLicenseValid()
[0ms] - PropertyManager.getCurrentLicenseResourceTotal()
[1ms] - TokenAuthenticationManager.validateApplicationToken()
[0ms] - SessionTokenStorage.findByRandomHash()
[0ms] - PropertyManager.getSessionTime()
[0ms] - PropertyManager.getSessionTime()
[0ms] - PropertyManager.isIncludeIpAddressInValidationFactors()
[1ms] - SessionTokenStorage.update()
[0ms] - PropertyManager.isCacheEnabled()
[6414ms] - TokenAuthenticationManager.authenticateUser()
[1ms] - AliasManager.findUsernameByAlias()
[6390ms] - ApplicationService.authenticateUser()
[10ms] - ApplicationService.isUserAuthorised()
[0ms] - PropertyManager.isIncludeIpAddressInValidationFactors()
[1ms] - SessionTokenStorage.findByIdentifierHash()
[0ms] - SessionTokenStorage.add()
[8ms] - ApplicationService.storeUserAttributes()
[0ms] - PermissionManager.hasPermission()
[0ms] - AliasManager.findAliasByUsername()
Hi Tobias,
May I know which version of Crowd you are using? It is possible that you are currently encountering a known bug as we realise that you are connected to your LDAP server through SSL.
https://jira.atlassian.com/browse/CWD-4070
For troubleshooting purposes, you might want to try to disable the SSL connection and see if the condition improve. Hope it helps.
Cheers,
Septa Cahyadiputra
The problem is not limited to SSL. See https://jira.atlassian.com/browse/CWD-4159 and https://jira.atlassian.com/browse/CWD-4070
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.