p:responseTimeout not present in LDAP connections

Jim Fox fox at washington.edu
Fri Apr 22 11:55:35 EDT 2016

> On Thu, Apr 21, 2016 at 12:16 PM, Youssef GHORBAL <youssef.ghorbal at pasteur.fr> wrote:
>               On the shibboleth side, I was wondering if there is any reasons not setting a default p:responseTimeout on the LDAP connection
>       pools. Maybe there are other non obvious side effects ?
> I can't think of any bad side effects. Being an authentication subsystem I think an aggressive timeout is reasonable, something around 3 seconds.
> Of course, you'll probably be better off fixing the cause of the TCP hangs, but I know that's not always possible. Note that tuning the pool
> validation settings may also have some value here.

A broken data connector usually results in an assertion with nothing being 
asserted.  That leads the user to think the fault is on the SP.

It seems to me if your LDAP is broken you'd like to know sooner rather 
than later.


More information about the users mailing list