sporadic user authenication issues

[Esquivel, Vince]

Thank you Rhian

Any chance you can share what you had to adjust?

Vince

From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Rhian Resnick
Sent: Tuesday, February 17, 2015 3:17 PM
To: Shib Users
Subject: RE: sporadic user authenication issues

We have had similar issues with cas and shibboleth. We needed to adjust the connection pooling in the bigip.

Rhian Resnick
Fau

Sent via the Samsung GALAXY S(r)4 Active(tm), an AT&T 4G LTE smartphone

-------- Original message --------
From: "Esquivel, Vince"
Date:02/17/2015 3:30 PM (GMT-05:00)
To: Shib Users
Subject: RE: sporadic user authenication issues

The LDAP sources are in an F5 load balancer pool, which we changed our configuration to point at.  Is there a setting on the shibboleth config to increase this setting?  Could the load balancer be the issue?

Thanks
Vince

From: users-bounces at shibboleth.net<mailto:users-bounces at shibboleth.net> [mailto:users-bounces at shibboleth.net] On Behalf Of IAM David Bantz
Sent: Tuesday, February 17, 2015 1:33 PM
To: Shib Users
Subject: Re: sporadic user authenication issues


On Tue, Feb 17, 2015 at 10:09 AM, Esquivel, Vince <Esquivelv at uhd.edu<mailto:Esquivelv at uhd.edu>> wrote:
LDAP: error code 3 - Timelimit Exceeded

The error in the quoted log messages is explicit:
LDAP: error code 3 - Timelimit Exceeded
That's AFTER authenticating the user with a bind with the user's submitted credentials,
and AFTER the IdP successfully bound to the ldap and searched for user's attributes.

After a few seconds, the directory aborted the ldap search for user's attributes with the timeout,
which is completely different from the message in previous post indicating incorrect password for the user.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20150217/4b8f0e7a/attachment-0001.html