Loading Confluence Login page for the first time is slow
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Users experience that loading Confluence login page for the first time is slow; Confluence administrators can also observe that User Directory synchronisation might have failed.
Environment
Confluence 7.19
Diagnosis
Checking the atlassian-confluence.log , it can be observed the following connection timed out in the LDAP connector:
[atlasplugins.samlsso.userauth.AbstractRemoteDirectoryAdapter] updateRemoteUser updateRemoteUser failed
-- referer: https://XXX.com/ | url: /plugins/servlet/samlsso | traceId: fd8b1e08e3c493ac | userName: anonymous
com.atlassian.crowd.exception.OperationFailedException: org.springframework.transaction.CannotCreateTransactionException: Could not create DirContext instance for transaction; nested exception is org.springframework.ldap.CommunicationException: XXX:3268; nested exception is javax.naming.CommunicationException: XXX.org:3268 [Root exception is java.net.ConnectException: Connection timed out (Connection timed out)]
at com.atlassian.crowd.directory.SpringLDAPConnector.pageSearchResults(SpringLDAPConnector.java:418)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntitiesWithRequestControls(SpringLDAPConnector.java:453)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchEntities(SpringLDAPConnector.java:437)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchUserObjects(SpringLDAPConnector.java:640)
at com.atlassian.crowd.directory.SpringLDAPConnector.findUserWithAttributesByName(SpringLDAPConnector.java:596)
at com.atlassian.crowd.directory.SpringLDAPConnector.findUserByName(SpringLDAPConnector.java:583)
at com.atlassian.crowd.directory.RFC4519Directory.findGroupMembershipNamesOfUserViaMemberDN(RFC4519Directory.java:590)
at com.atlassian.crowd.directory.RFC4519Directory.findGroupMembershipNames(RFC4519Directory.java:451)
at com.atlassian.crowd.directory.MicrosoftActiveDirectory.findGroupMembershipNames(MicrosoftActiveDirectory.java:368)
at com.atlassian.crowd.directory.RFC4519Directory.searchGroupRelationshipsWithGroupTypeSpecified(RFC4519Directory.java:408)
at com.atlassian.crowd.directory.SpringLDAPConnector.searchGroupRelationships(SpringLDAPConnector.java:1376)
at com.atlassian.crowd.directory.DbCachingRemoteDirectory.fetchRemoteUserMemberships(DbCachingRemoteDirectory.java:373)
...
...
Similar kind of errors can be found in the atlassian-confluence-security.log :
2023-07-19 08:50:34,422 ERROR [Caesium-1-3] [atlassian.crowd.directory.DbCachingDirectoryPoller] pollChanges Error occurred while refreshing the cache for directory [ 7864321 ].
org.springframework.ldap.CommunicationException: XXX.org:3268; nested exception is javax.naming.CommunicationException: XXX.org:3268 [Root exception is java.net.ConnectException: Connection timed out (Connection timed out)]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:108)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)
...
...Cause
The problem in this specific case is that the Connection Timeout setting for your LDAP directory is set to 0 (unlimited):
Solution
Increase the Connection Timeout value for the external User Directory that is reporting the connectivity issue:
- Log in to Confluence using an Internal Directory Admin account
- Browse to Administration, then select General Configuration
- Click 'User Directories' in the left-hand panel
- Edit the respective LDAP directory configured for SAML authentication
- Go to Advance Configuration and set the Connection Timeout value to a value different than zero, for example, 30 seconds.
- Perform a Full Syncronization of your User Directory
Related Knowledge
- Some users are unable to login due to Active Directory 'follow referrals' configuration
- LDAP users fail to authenticate with response timeout errors in logs in Jira server