We have noticed it taking a very long time (up to 60s) to complete the SAML auth flow. Here are some logs showing the bigger time gaps. We are on version 1.1.7 of the SAML plugin and running Jenkins version 2.257.
Sep 24, 2020 7:52:17 AM FINE org.pac4j.saml.client.SAML2Client retrieveUserProfileAdding attribute value mark.schroering@*****.com for attribute null
Sep 24, 2020 7:52:17 AM FINE org.pac4j.core.profile.UserProfile addAttributeno conversion => key: email / value: [mark.schroering@*****.com] / class java.util.ArrayList
Sep 24, 2020 7:52:17 AM FINE org.pac4j.core.profile.UserProfile addAttributeno conversion => key: notBefore / value: 2020-09-24T11:46:38.907Z / class org.joda.time.DateTime
Sep 24, 2020 7:52:17 AM FINE org.pac4j.core.profile.UserProfile addAttributeno conversion => key: notOnOrAfter / value: 2020-09-24T11:56:38.907Z / class org.joda.time.DateTime
Sep 24, 2020 7:52:17 AM FINEST org.jenkinsci.plugins.saml.OpenSAMLWrapperreset TCCL
Sep 24, 2020 7:53:35 AM FINE org.jenkinsci.plugins.saml.SamlSecurityRealmSamlSecurityRealm.doCommenceLogin called. Using consumerServiceUrl https://ci.infra.lifeomic.com/securityRealm/finishLogin
Sep 24, 2020 7:53:35 AM FINE org.jenkinsci.plugins.saml.SamlSecurityRealmSafe URL redirection: /
Sep 24, 2020 7:53:35 AM FINEST org.jenkinsci.plugins.saml.OpenSAMLWrapperadapt TCCL
Sep 24, 2020 7:53:45 AM FINE org.jenkinsci.plugins.saml.SamlSecurityRealmSamlSecurityRealm.doCommenceLogin called. Using consumerServiceUrl https://ci.infra.lifeomic.com/securityRealm/finishLogin
Sep 24, 2020 7:53:45 AM FINE org.jenkinsci.plugins.saml.SamlSecurityRealmSafe URL redirection: /
Sep 24, 2020 7:53:45 AM FINEST org.jenkinsci.plugins.saml.OpenSAMLWrapperadapt TCCL
Sep 24, 2020 7:54:13 AM INFO org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver Using SP entity ID https://ci.infra.lifeomic.com/securityRealm/finishLogin
Sep 24, 2020 7:54:13 AM INFO org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolveWriting sp metadata to /mnt/jenkins_home/saml-sp-metadata.xml
Sep 24, 2020 7:54:13 AM INFO org.pac4j.saml.metadata.SAML2ServiceProviderMetadataResolver resolveAttempting to create directory structure for /mnt/jenkins_home
Looking at the browser tools on page load:
GET /securityRealm/commenceLogin <-- 57s
GET /securityRealm/finishLogin <--- 38s
the Okta SSO parts in between seem to be quick as expected.
Any tips on how to further debug or troubleshoot would be appreciated.
Thanks for the help.