Broker 10.15 | webMethods Broker Documentation | Administering webMethods Broker | Managing Broker Security | Securing Broker Server Using Basic Authentication | Basic Authentication Alias | Disabling Basic Authentication Alias
 
Disabling Basic Authentication Alias
When the authentication systems are slow or down, a client call might time-out if the user authentication takes more than 30 seconds.
Set the LDAP search time-out parameter using the ssx-ldap-search-timeout configuration parameter in the basicauth.cfg file or/and the SSX_LDAP_TIMEOUT environment variable to avoid client call time-out.
If webMethods Broker fails to connect to an alias even after three attempts, webMethods Broker disables an unresponsive alias as described in the following process to speed up the basic authentication process.
1. Disables an unresponsive alias for a period specified in the alias-min-disable-time parameter.
2. Enables the disabled alias and attempts re-authentication after the time specified in the alias-min-disable-time parameter elapses.
3. Doubles the alias disable time if re-authentication fails and attempts re-authentication in regular intervals at the end of the alias disable time until a value assigned to the alias-max-disable-time parameter is reached.
4. Attempts to re-authenticate the disabled alias in regular intervals specified by the alias-max-disable-time parameter after the alias disable time reaches the value specified in the alias-max-disable-time parameter.
For alias-min-disable-time and alias-max-disable-time parameter descriptions, see Basic Authentication Configuration Parameters.
Configuration example for disabling the basic authentication alias
In the basic authentication configuration (basicauth.cfg ) file, consider alias-min-disable-time=10 and alias-max-disable-time=180.
If webMethods Broker fails to connect to an alias after three attempts, webMethods Broker does the following:
1. Suspends the unresponsive alias for 10 seconds (alias-min-disable-time=10).
2. Enables the disabled alias after 10 seconds and attempts re-authentication.
3. Doubles the alias disable time if re-authentication fails, and attempts re-authentication after the alias disable time elapses. This step repeats until the alias disable time reaches 180 seconds (alias-max-disable-time=180).
4. Continues to disable the alias for 180 if the alias is unresponsive and attempts re-authentication every 180 seconds (alias-max-disable-time) until the alias is responsive.