Article Number
000022670
Applies To
RSA Product Set: Access Manager
RSA Product/Service Type: RSA ClearTrust 5.5 Entitlements Server (EServer)
BEA WebLogic 8.1 SP2
BEA WebLogic Portal Server
RSA ClearTrust Agent 3.5.2 for BEA WebLogic 8.1 SP2
Issue
How to increase RSA ClearTrust 5.5 Entitlements Server (EServer) timeout value to avoid errors when listing large numbers of User Groups
Unable to list user or groups in the BEA WebLogic Admin Console or BEA WebLogic Portal Admin Console
EServer debug output shows a Broken Pipe Message:
15:52:14:927 [*] [APIClientProxy_1] - Return code is 0 no exception
java.net.SocketException: Broken pipe
....
at sirrus.api.server.APIClientProxy.run(APIClientProxy.java:839)
15:52:14:946 [*] [APIClientProxy_1] - Return code is 5 msg is java.net.SocketException: Broken pipe
15:52:14:947 [*] [APIClientProxy_1] - Command duration is 21933 milliseconds
EServer log file shows the following error message:
sequence_number=78,2006-02-17 15:52:14:951 EST,conn=1,op=3,messageID=908,ip=10.50.5.74,uname=weblogic,msg=Get groups by range,result=5,etime=21933ms,exception=java.net.SocketException: Broken pipe,start=0,end=2147483647
BEA WebLogic Console output shows the following exception:
<Feb 17, 2006 3:52:58 PM EST> <Error> <HTTP> <BEA-101020> <[ServletContext(id=17490623,name=CleartrustTestAdmin,context-path=/CleartrustTestAdmin)] Servlet failed with Exception
com.bea.p13n.usermgmt.UserManagementException: com.bea.p13n.usermgmt.UserManagementException: Cannot build AtnTree for provider ClearTrustAuthenticator because....
Cause
This error may occur if the number of RSA ClearTrust user groups or user objects in the datastore is large and/or the datastore performance is slow. The error occurs when a query to the datastore takes longer than the default timeout of 15 seconds for the connection between the ClearTrust Agent and the EServer. The Agent times out and drops the socket, so the EServer is unable to return the result.
Resolution
Increase the timeout value for the EServer until the query returns without error. The appropriate value depends on the number of objects in the datastore and the datastore response time. This value should be greater than the "Command duration" listed in the server debug output statement for the query that generates the exception.
In the release version of RSA ClearTrust Agent 3.5.2 for BEA WebLogic, the EServer timeout value is 15 seconds and is not user configurable.
Hotfix 3.5.2.04 addresses this issue by adding a new cleartrust_realm.properties file parameter called cleartrust.agent.entitlements_server_timeout= that allows you to increase this value. Contact RSA Security Customer Support to obtain hotfix 3.5.2.04. Then, make the changes to the cleartrust_realm.properties file as recommended in the hotfix Readme file.
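To size the new value, the following added example (not RSA code and not part of the hotfix) scans EServer log entries in the format shown under Issue, picks out commands that ran past the 15 second Agent timeout and ended in a broken pipe, and reports the smallest whole number of seconds that is greater than the slowest one. The function names are hypothetical, the sample lines other than the first are constructed, and the unit expected by cleartrust.agent.entitlements_server_timeout is not stated in this article, so take it from the hotfix Readme.

```python
AGENT_DEFAULT_TIMEOUT_MS = 15_000  # default Agent-to-EServer timeout given in this article

# Line 1 is the entry quoted in this article; lines 2-4 are constructed for illustration.
SAMPLE_LOG = """\
sequence_number=78,2006-02-17 15:52:14:951 EST,conn=1,op=3,messageID=908,ip=10.50.5.74,uname=weblogic,msg=Get groups by range,result=5,etime=21933ms,exception=java.net.SocketException: Broken pipe,start=0,end=2147483647
sequence_number=79,2006-02-17 15:53:40:310 EST,conn=1,op=3,messageID=909,ip=10.50.5.74,uname=weblogic,msg=Get groups by range,result=0,etime=412ms,start=0,end=50
sequence_number=80,2006-02-17 15:55:02:118 EST,conn=1,op=3,messageID=910,ip=10.50.5.74,uname=weblogic,msg=Get groups by range,result=5,etime=18004ms,exception=java.net.SocketException: Broken pipe,start=0,end=2147483647
truncated line without an etime field
"""


def parse_entry(line):
    """Split a comma-separated entry into a dict; the bare timestamp has no key."""
    entry = {}
    for field in line.strip().split(","):
        key, sep, value = field.partition("=")
        entry[key if sep else "timestamp"] = value if sep else field
    return entry


def etime_ms(entry):
    """Return the etime field as integer milliseconds, or None if absent or malformed."""
    raw = entry.get("etime", "")
    digits = raw[:-2]
    return int(digits) if raw.endswith("ms") and digits.isdigit() else None


def timed_out_commands(log_text, timeout_ms=AGENT_DEFAULT_TIMEOUT_MS):
    """Entries that ran past the Agent timeout and then failed with a broken pipe."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        duration = etime_ms(entry)
        if duration is None or duration <= timeout_ms:
            continue
        if "Broken pipe" in entry.get("exception", ""):
            hits.append({"seq": entry.get("sequence_number"),
                         "msg": entry.get("msg"), "etime_ms": duration})
    return hits


def minimum_timeout_seconds(hits):
    """Smallest whole number of seconds strictly greater than the slowest failed command."""
    return max(h["etime_ms"] for h in hits) // 1000 + 1 if hits else None


if __name__ == "__main__":
    failures = timed_out_commands(SAMPLE_LOG)
    for f in failures:
        print(f"seq={f['seq']} msg={f['msg']!r} took {f['etime_ms']} ms")
    print("smallest sufficient timeout (s):", minimum_timeout_seconds(failures))
```

Treat the result as a floor: the article ties the right value to datastore size and response time, so rerun the check after the change and raise the value again if broken-pipe entries persist.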