TokenAuthenticationManager.authenticateUser took long time

We see, that it took over 6 seconds to login into Jira, Confluence and crowd. The problems seems to be crowd.

Interesting is this: [6414ms] - TokenAuthenticationManager.authenticateUser()

We found in the log file:

2015-03-04 11:20:49,227 http-bio-8095-exec-15 DEBUG [crowd.dao.user.UserDAOHibernate] Saving or updating object: com.atlassian.crowd.model.user.InternalUserAttribute@11115b01[directory=com.atlassian.crowd.model.directory.DirectoryImpl_$$_jvstd6c_0@4178618[lowerName=domain activedirectory,description=,type=CONNECTOR,implementationClass=com.atlassian.crowd.directory.MicrosoftActiveDirectory,allowedOperations=[UPDATE_GROUP, DELETE_USER, CREATE_GROUP, CREATE_USER, DELETE_GROUP, UPDATE_USER],attributes={ldap.basedn=DC=domain,DC=de, ldap.user.filter=(&(objectClass=user)(memberOF=CN=s-g-crowd-users,CN=Users,DC=domain,DC=de)), ldap.user.username=sAMAccountName, ldap.usermembership.use=false, com.atlassian.crowd.directory.sync.lastdurationms=28762, ldap.role.objectclass=group, ldap.group.usernames=member, ldap.pagedresults.size=999, ldap.read.timeout=120000, ldap.connection.timeout=10000, ldap.group.filter=(objectCategory=Group), ldap.userdn=administrator@domain.de, ldap.external.id=objectGUID, ldap.roles.disabled=true, ldap.url=ldaps://dc2.domain.de, ldap.pagedresults=true, ldap.user.password=unicodePwd, ldap.user.lastname=sn, ldap.group.name=cn, ldap.role.dn=, ldap.referral=true, com.atlassian.crowd.directory.sync.issynchronising=false, ldap.group.dn=Cn=Users, ldap.relaxed.dn.standardisation=true, ldap.user.firstname=givenName, ldap.password=********, ldap.role.description=description, com.atlassian.crowd.directory.sync.cache.enabled=true, autoAddGroups=OpenID-Benutzer, crowd.sync.incremental.enabled=true, ldap.role.name=cn, ldap.usermembership.use.for.groups=true, ldap.user.objectclass=user, directory.cache.synchronise.interval=3600, ldap.nestedgroups.disabled=false, ldap.secure=true, ldap.user.username.rdn=cn, ldap.user.displayname=displayName, com.atlassian.crowd.directory.sync.laststartsynctime=1425464364925, ldap.user.email=mail, ldap.user.group=memberOf, localUserStatusEnabled=false, ldap.local.groups=false, ldap.group.description=description, ldap.role.filter=(objectclass=group), ldap.user.dn=Cn=Users, ldap.activedirectory.use_primary_groups=false, ldap.group.objectclass=group, ldap.role.usernames=member, ldap.search.timelimit=60000}],user=com.atlassian.crowd.model.user.InternalUser@4f30c848[id=524347,name=TestUser,createdDate=2012-01-13 11:05:05.036,updatedDate=Wed Mar 04 11:20:43 CET 2015,active=true,emailAddress=tu@domain.tld,firstName=Test,lastName=User,displayName=Test User,credential=com.atlassian.crowd.embedded.api.PasswordCredential@5fd467cd[credential=nopass,encryptedCredential=true],lowerName=TestUser,lowerEmailAddress=tu@domain.tld,lowerFirstName=Test,lowerLastName=User,lowerDisplayName=Test User,directoryId=491521,externalId=39a43facbdc50645bc391766b59b4a7a]]
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] User <TestUser> has access to the application <crowd>
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] generateUserToken: user TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 10.28.4.125
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Generating Token for principal: TestUser
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding remote address of 10.28.4.125
2015-03-04 11:20:49,240 http-bio-8095-exec-15 DEBUG [manager.token.factory.TokenKeyGeneratorImpl] Adding Random-Number of ValidationFactor[Random-Number=982085500436642489]
2015-03-04 11:20:49,241 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Saving and returning newly created token
2015-03-04 11:20:49,243 http-bio-8095-exec-15 DEBUG [crowd.manager.application.ApplicationServiceGeneric] Storing user attributes for user <TestUser> and application <crowd>
2015-03-04 11:20:49,250 http-bio-8095-exec-15 DEBUG [crowd.manager.permission.PermissionManagerImpl] Directory domain ActiveDirectory : Permission UPDATE_USER_ATTRIBUTE has been denied
2015-03-04 11:20:49,251 http-bio-8095-exec-15 DEBUG [crowd.manager.authentication.TokenAuthenticationManagerImpl] Unable to update last active for user 'TestUser' as there are insufficient permissions to write for application 'crowd'
2015-03-04 11:20:49,252 http-bio-8095-exec-15 DEBUG [atlassian.util.profiling.UtilTimerStack] [6418ms] - SecurityServer.authenticatePrincipal()
[4ms] - SOAPService.validateSOAPService()
[0ms] - CrowdLicenseManager.isLicenseValid()
[0ms] - PropertyManager.getCurrentLicenseResourceTotal()
[1ms] - TokenAuthenticationManager.validateApplicationToken()
[0ms] - SessionTokenStorage.findByRandomHash()
[0ms] - PropertyManager.getSessionTime()
[0ms] - PropertyManager.getSessionTime()
[0ms] - PropertyManager.isIncludeIpAddressInValidationFactors()
[1ms] - SessionTokenStorage.update()
[0ms] - PropertyManager.isCacheEnabled()
[6414ms] - TokenAuthenticationManager.authenticateUser()
[1ms] - AliasManager.findUsernameByAlias()
[6390ms] - ApplicationService.authenticateUser()
[10ms] - ApplicationService.isUserAuthorised()
[0ms] - PropertyManager.isIncludeIpAddressInValidationFactors()
[1ms] - SessionTokenStorage.findByIdentifierHash()
[0ms] - SessionTokenStorage.add()
[8ms] - ApplicationService.storeUserAttributes()
[0ms] - PermissionManager.hasPermission()
[0ms] - AliasManager.findAliasByUsername()