Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Hi,
I have successfully installed LDAP module + SSO feature in a Windows environment. However there's a noticeable delay in SSO authentication. A user is successfully logged in between 5 to 6 seconds.
As we are implementing this for our company Intranet, this is regarded as a delay. Is there any way that I can speed up the process?
In order to isolate the problem, I have also installed a Drupal fresh copy which has only the LDAP/SSO modules and still I'm noticing the same delay.
Please see the attachment which shows the time taken for the process with Chrome browser.
Thanks
Comment | File | Size | Author |
---|---|---|---|
#5 | calltree.png | 539.5 KB | grahl |
#3 | cachegrind.out_.1471402959_362552.intranet__home_XDEBUG_PROFILE.zip | 1.02 MB | crystalgrafix |
sso_delay.jpg | 29.78 KB | crystalgrafix |
Comments
Comment #2
larowlanCan you profile from the php side and report back what it taking the most time.
You can use tools like blackfire.io if you're after an easy way to get started profiling.
Comment #3
crystalgrafix CreditAttribution: crystalgrafix commentedHi,
I'm using a windows server and have issues configuring blackfire.io
Therefore managed to output a file from Xdebug. Please see the attachment and let me know if this is sufficient.
Thanks
Comment #4
crystalgrafix CreditAttribution: crystalgrafix commentedComment #5
grahlHi
I looked at your xdebug output and cannot find any significant resource usage usage by LDAP (see also the attached screenshot).
You are probably using Kerberos, right? Consider fine-tuning this since it can take several seconds to get a valid ticket for the kerberos daemon. I have noticed this myself that the first request is the slowest at several seconds and the ones after that resolve in less than a second. This is not something we can fix in Drupal, it's several layers below it in Apache.
Comment #6
markusd1984 CreditAttribution: markusd1984 commentedHas anyone come across any way to test or fine-tune Kerberos to reduce the lag?
I have the exact same issue, with around 7+ secs using apache.
Comment #7
grahlI can't speak for Windows but under Linux I've used kinit to debug whether I'd gotten a Kerberos ticket and could reproduce the timing issues there.
Just from googling it seems that adjusting ticket lifetime in krb5.conf and/or changes regarding dns there could help you out but since in my case tickets live long enough it's fine for us if the first user of the week has to wait a little bit longer.
Comment #8
grahl