Hi,

I have successfully installed the LDAP module + SSO feature in a Windows environment. However, there's a noticeable delay in SSO authentication. A user is successfully logged in after 5 to 6 seconds.

As we are implementing this for our company Intranet, this is regarded as a delay. Is there any way that I can speed up the process?

In order to isolate the problem, I have also installed a fresh copy of Drupal which has only the LDAP/SSO modules, and I'm still noticing the same delay.

Please see the attachment which shows the time taken for the process with Chrome browser.

Thanks


Comments

crystalgrafix created an issue. See original summary.

larowlan’s picture

Status: Active » Postponed (maintainer needs more info)
Issue tags: -SSO

Can you profile from the PHP side and report back what is taking the most time?

You can use tools like blackfire.io if you're after an easy way to get started profiling.

crystalgrafix’s picture

Hi,

I'm using a Windows server and have issues configuring blackfire.io.

Therefore I managed to output a file from Xdebug. Please see the attachment and let me know if this is sufficient.

Thanks

crystalgrafix’s picture

Status: Postponed (maintainer needs more info) » Active

grahl’s picture

Category: Bug report » Support request
Status: Active » Closed (works as designed)

Hi

I looked at your Xdebug output and cannot find any significant resource usage by LDAP (see also the attached screenshot).

You are probably using Kerberos, right? Consider fine-tuning this, since it can take several seconds to get a valid ticket for the Kerberos daemon. I have noticed myself that the first request is the slowest, at several seconds, and the ones after that resolve in less than a second. This is not something we can fix in Drupal; it's several layers below it, in Apache.

markusd1984’s picture

Has anyone come across any way to test or fine-tune Kerberos to reduce the lag?

I have the exact same issue, with around 7+ secs using Apache.

grahl’s picture

I can't speak for Windows, but under Linux I've used kinit to debug whether I'd gotten a Kerberos ticket and could reproduce the timing issues there.

Just from googling, it seems that adjusting the ticket lifetime in krb5.conf and/or changes regarding DNS there could help you out, but since in my case tickets live long enough, it's fine for us if the first user of the week has to wait a little bit longer.
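
As an added example (not part of the thread and not code from the LDAP SSO project), this Python sketch reads a krb5.conf and pulls out the two areas mentioned above: ticket lifetime and DNS-dependent lookups. It assumes MIT Kerberos krb5.conf syntax; the sample file, realm and host names are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in MIT krb5.conf syntax; realm and host names are placeholders.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    ticket_lifetime = 10h
    dns_lookup_kdc = true
    rdns = true
[realms]
    EXAMPLE.COM = {
        admin_server = kdc1.example.com
    }
"""

DNS_KEYS = ("dns_lookup_kdc", "dns_lookup_realm", "dns_canonicalize_hostname", "rdns")

def parse_krb5_conf(text):
    """Parse into {section: {key: value}}; a 'name = {' block becomes {key: [values]}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            elif block is not None:
                block.setdefault(key, []).append(value)   # kdc lines may repeat
            else:
                section[key] = value
    return conf

def latency_settings(conf):
    """Collect what the thread points at: ticket lifetime and DNS-dependent lookups."""
    lib = conf.get("libdefaults", {})
    realm = lib.get("default_realm")
    kdcs = conf.get("realms", {}).get(realm, {}).get("kdc", [])
    return {
        "ticket_lifetime": lib.get("ticket_lifetime"),    # None: library default applies
        "dns": {k: lib[k] for k in DNS_KEYS if k in lib},
        "kdcs_listed": kdcs,                              # empty: KDC discovery falls to DNS SRV lookup
    }

if __name__ == "__main__":
    print(latency_settings(parse_krb5_conf(SAMPLE)))
```

An empty `kdcs_listed` means the client has to locate the KDC through DNS, so slow or failing resolvers on the web server show up as login delay.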

grahl’s picture

Project: Lightweight Directory Access Protocol » LDAP Single Sign On
Version: 7.x-2.0-beta8 » 7.x-2.x-dev