Slow response from privacyidea for OTP

jzerotwo · January 23, 2022, 11:08am

Hi all,
I’ve configured keycloak to use PrivacyIdea as the OTP token provider, the procedure is documented here Versatile 2FA Single Sign-On with Keycloak and privacyIDEA – privacyID3A
I have an environment with 4 Active Directory servers federated with keycloak…

The issue I’m having is that when a user authenticates, it sometimes takes up to 10 seconds for privacyidea to respond to keycloak. I’ve tried enable User cache, but this doesn’t seem to make any difference. Does anyone have any tips or has anyone experienced this before?

cornelinux · January 31, 2022, 7:44am

It very much depends on your configuration, your setup, communication to user store, to database, number of policies and events, number of tokens and tokentypes.
There are a lot of possibilities where the time can be consumed.
It might be a good idea to turn on debug log and look for long gaps in the debug entries.