Troubleshooting
Problem
When I invoke SCIM request such as user creation, the response sometimes takes long time. In my case, it takes 12 seconds.
Cause
SCIM function executes DNS lookup for generating audit records. If DNS lookup fails, SCIM function takes long time for waiting timeout.
Diagnosing The Problem
- Enable runtime server trace with following setting.
com.ibm.isam.scim.*=ALL:com.tivoli.am.rba.*=ALL
- Execute delayed SCIM request
- Review runtime server trace file and find following records.
[10/10/22 15:08:56:120 JST] 00001a76 id=00000000 com.ibm.isam.scim.UserKnowledgeQuestionsScimlet > handleGet ENTRY
[10/10/22 15:08:56:120 JST] 00001a76 id=00000000 com.tivoli.am.rba.usc.handlers.UserKnowledgeQuestionsHandler > getKnowledgeQuestions ENTRY[10/10/22 15:08:56:120 JST] 00001a76 id=00000000 com.tivoli.am.rba.usc.UserSelfCareHandler > getAuditInfoFromRequest ENTRY
[10/10/22 15:09:08:133 JST] 00001a76 id=00000000 com.tivoli.am.rba.usc.UserSelfCareHandler < getAuditInfoFromRequest RETURN
- If the delay is observed between last 2 lines, it should be caused by DNS lookup issue.
Resolving The Problem
- Add following entries into appliance's hosts file
127.0.0.1 localhost<appliance-ip> <appliance-hostname>
- If the delay is still observed, check an audit record of SCIM request.
- Find location attribute of sourceComponentId and reporterComponentId element.
For example, HOST1 and HOST2 in an audit record.
<CommonBaseEvent creationTime="yyyy-mm-ddT00:00:00.000Z" extensionName="IBM_SECURITY_CBA_AUDIT_MGMT" globalInstanceId="xxx" version="1.0.1">
<sourceComponentId component="xxxx" componentIdType="ProductName" location="HOST1" locationType="FQHostname"/>
<reporterComponentId application="IBM Security Verify Access" component="Context-Based Authorization" componentIdType="ProductName" location="HOST2" locationType="FQHostname" componentType="http://www.ibm.com/namespaces/autonomic/Tivoli_componentTypes"/>
<extendedDataElements name="AUDIT_SCHEMA_VERSION" type="string">
<values>1.2</values>
</extendedDataElements>
<extendedDataElements name="actionInfo" type="noValue">
<children name="urn:oasis:names:tc:xacml:1.0:action:action-id" type="string"><values>KNOWLEDGE_QUESTIONS_SEARCH_EVENT</values></children>
</extendedDataElements>
- Add host entries of these hosts to appliance's hosts file.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSESHP","label":"IBM Security Verify Access Appliance"},"ARM Category":[{"code":"a8m0z000000cxuMAAQ","label":"Security Verify Access-\u003EAdvanced Access Control"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
10 November 2022
UID
ibm16838427