Problems with XAuth and execution time

Document ID : KB000113089
Last Modified Date : 05/10/2018
Show Technical Document Details
Issue:
We're running a Policy Server 12.8, and when user tries to access a
resource protected by Radius Auth Scheme, then the XAuthRadius
module doesn't work properly and reports error :

  [26380/140479939110656][Wed Aug 22 2018 
  15:45:34][AgentAuth.cpp:321][INFO][sm-log-00000] Execution time 
  exceeded threshold. (CSm_Auth_Message::ProcessAgentMessage, 17117, 
  5000, agent=mymachine.mydomain.com client=*10.0.0.1 
  server=https://mymachine.mydomain.com resource=/xauth/ action=GET 
  user=myuser) 

We've set the registry key ExecutionTimeThreshold when set to 0x61A8
(25000), and the Policy Server doesn't apply it to call to
XAuthRadius.

Why do we have this behavior ?
Cause:
As the Policy Server traces show, the Radius server doesn't respond 
in 15 seconds and as such, the call fails. 

The 15 seconds are probably defined in the XAuthRadius config file, 
where a timeout is set : 

  Configuration File Format 

  "The configuration file contains IP numbers and RADIUS secret for each 
  RADIUS server utilized by at least one user within the directory. It 
  also specifies port number, timeout and number of retries for a RADIUS 
  server." 

  XauthRADIUS Integration for CA Single Sign-On 
  Installation and Configuration Version 6.3 

and as such, this is not the Policy Server that stop the executing of 
the thread before it finishes. The XAuthRadius module reports the 
timeout first. 

smps.log

[11608/140410265532160][Wed Sep 05 2018 
16:08:52][CServer.cpp:6372][INFO][sm-log-00000] Execution time 
exceeded threshold. (CServer::ProcessRequest, 15124, 5000, 
agent=mymachine.mydomain.com client=*10.0.0.1 
server=https://mymachine.mydomain.com resource=/xauth/ action=GET 
user=myuser) 

smtracedefault.log

[09/05/2018][16:08:52.406][16:08:52][11608][140410265532160] 
[SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][] 
[][][][][][Authentication 
request timed out][XauthRADIUS: Authentication request timed 
out][][][][][][][][][][][][][][][][][][][][][][][][][][][][] 
[][][][][][][][][][] 

[09/05/2018][16:08:52.406][16:08:52][11608][140410265532160] 
[SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][] 
[][][][][][][No 
RADIUS Server available to authenticate user][XauthRADIUS: 
No RADIUS Server available to authenticate 
user][][][][][][][][][][][][][][][][][][][][][][][][][][][] 
[][][][][][][][][][][] 

[09/05/2018][16:08:52.406][16:08:52][11608][140410265532160] 
[SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][] 
[][][][][][][Authentication timed out or was not possible] 
[XauthRADIUS: Authentication timed out or was not possible] 
[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][] 
[][][][][][][][] 
 
Resolution:
- Check the connection and the configuration of the Radius server; 
- Adjust the timeout in the configuration file of the XAuthRadius 
  module if needed;