crowd apache connector performance issues

Hello,

 

I am using crowd apache connector for SVN SSO with crowd.

The SSO configuration is working fine and I can see it from browser as well as IDE/Tortoise SVN client etc.

configuration is:

AuthName "Atlassian Crowd"
        AuthType Basic
        AuthBasicProvider crowd
        CrowdAppName <SVN APP NAME>
        CrowdAppPassword <SVN APP PWD>
        CrowdURL https://<CROWD HOST>:9443/crowd/
        CrowdSSLVerifyPeer Off
        CrowdCreateSSO off  # Improves performance when using Subversion clients that don't store cookies

We do have many repos and each repo had its own acl with list of users defined.

We can reuse the same files for authorization as well, however, we are having performance issues. e.g. it used to take 2 sec, now it is taking 40 sec.

Is there any setting to control that e.g. cache data or not to go to crowd for every request etc?

 

Thanks

Shailesh

 

2 answers

0 vote

You have two options to control the cache behavior, which are documented in Integrating Crowd with Apache:

CrowdCacheMaxAge 120

The maximum number of seconds that a response from Crowd will be cached by the Apache Crowd connector.

60

CrowdCacheMaxEntries 1000

The maximum number of entries cached at any time by the Apache Crowd connector. If set to 0, caching is disabled.

500

 

The last column denotes the default value, and a note further down on that page confirms that caching should already be enabled by default:

  • If the CrowdCacheMaxEntries setting is missing or set to a non-zero value, then requests to Crowd are cached in order to increase performance. This means that changes to passwords, group membership and session expiry in Crowd may not be reflected immediately in user access.

Given your scenario comprises many repos, you probably need to ensure that CrowdCacheMaxEntries is sufficiently large to avoid items being purged from the cache early and actually yield them to be cached for CrowdCacheMaxAge.

Thanks,

 

Although I have

 

LoadModule authnz_crowd_module modules/mod_authnz_crowd.so

LoadModule  authz_svn_module       modules/mod_authz_svn.so

 

I am getting

 

CrowdCacheMaxAge not allowed here

 

Any suggestions.

 

Thanks

I guess I had to add those cache options outside of location tag of apache. However, even after doing that, performance didn't improve much. What I have is crowd configuration in place, and not for each individual repo. Each individual repo location, I have specified acl file. Not sure if that makes any difference..

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Feb 27, 2018 in Crowd

The Crowd team is looking for feedback on Server & Data Center customers' identity strategies!

Do you own more than one Server or Data Center product? Do you have challenges provisioning users across your Atlassian products? Are you spending a lot of time integrating each Atlassian product wit...

1,201 views 6 14
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you