Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

crowd apache connector performance issues

shailesh ligade2
shailesh ligade October 2, 2015

Hello,

 

I am using crowd apache connector for SVN SSO with crowd.

The SSO configuration is working fine and I can see it from browser as well as IDE/Tortoise SVN client etc.

configuration is:

AuthName "Atlassian Crowd"
        AuthType Basic
        AuthBasicProvider crowd
        CrowdAppName <SVN APP NAME>
        CrowdAppPassword <SVN APP PWD>
        CrowdURL https://<CROWD HOST>:9443/crowd/
        CrowdSSLVerifyPeer Off
        CrowdCreateSSO off  # Improves performance when using Subversion clients that don't store cookies

We do have many repos and each repo had its own acl with list of users defined.

We can reuse the same files for authorization as well, however, we are having performance issues. e.g. it used to take 2 sec, now it is taking 40 sec.

Is there any setting to control that e.g. cache data or not to go to crowd for every request etc?

 

Thanks

Shailesh

 

Answer
Watch
Like Steffen Opel _Utoolity_ likes this
553 views

2 answers

0 votes
shailesh ligade2
shailesh ligade October 5, 2015

Thanks,

 

Although I have

 

LoadModule authnz_crowd_module modules/mod_authnz_crowd.so

LoadModule  authz_svn_module       modules/mod_authz_svn.so

 

I am getting

 

CrowdCacheMaxAge not allowed here

 

Any suggestions.

 

Thanks

View More Comments
shailesh ligade2
shailesh ligade October 9, 2015

I guess I had to add those cache options outside of location tag of apache. However, even after doing that, performance didn't improve much. What I have is crowd configuration in place, and not for each individual repo. Each individual repo location, I have specified acl file. Not sure if that makes any difference..

Like
Reply
0 votes
Steffen Opel _Utoolity_
Steffen Opel _Utoolity_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 3, 2015

You have two options to control the cache behavior, which are documented in Integrating Crowd with Apache:

CrowdCacheMaxAge 120

The maximum number of seconds that a response from Crowd will be cached by the Apache Crowd connector.

60

CrowdCacheMaxEntries 1000

The maximum number of entries cached at any time by the Apache Crowd connector. If set to 0, caching is disabled.

500

 

The last column denotes the default value, and a note further down on that page confirms that caching should already be enabled by default:

  • If the CrowdCacheMaxEntries setting is missing or set to a non-zero value, then requests to Crowd are cached in order to increase performance. This means that changes to passwords, group membership and session expiry in Crowd may not be reflected immediately in user access.

Given your scenario comprises many repos, you probably need to ensure that CrowdCacheMaxEntries is sufficiently large to avoid items being purged from the cache early and actually yield them to be cached for CrowdCacheMaxAge.

Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

    See all events