Version Affected: All
Description:
AWS returns a 503 at times. Although at first glance this can appear to be coming from AWS rather than SecureAuth, with some OIDC setups it can be caused by a slow response from the SecureAuth OIDCToken endpoint.
Cause:
The Cognito backend is making a POST to the SecureAuth IdP and expects a reply within 5 seconds.
If you have multiple servers, this request can easily go to a different IdP from the one the user's browser talked to, and that IdP can be cold and slow to respond.
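To check whether this cause applies, the added example below (not SecureAuth's code) scans IIS W3C logs for token-endpoint POSTs that took 5 seconds or longer and groups them by server. The log lines are constructed, and the `OidcToken` path substring and the logging of the `s-computername` and `time-taken` fields are assumptions about your environment.

```python
from collections import defaultdict

COGNITO_BUDGET_MS = 5000        # reply window stated in the article
TOKEN_PATH_HINT = "oidctoken"   # assumption: substring of the token endpoint path

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time s-computername cs-method cs-uri-stem sc-status time-taken
2024-01-10 08:00:01 IDP01 POST /SecureAuth5/OidcToken.aspx 200 310
2024-01-10 08:00:09 IDP02 POST /SecureAuth5/OidcToken.aspx 200 7420
2024-01-10 08:00:15 IDP02 GET /SecureAuth5/SecureAuth.aspx 200 95
2024-01-10 08:03:40 IDP02 POST /SecureAuth5/OidcToken.aspx 200 280
2024-01-10 09:30:12 IDP01 POST /SecureAuth5/OidcToken.aspx 200 5600
"""

def slow_token_requests(log_text, budget_ms=COGNITO_BUDGET_MS):
    """Return {server: [(timestamp, time_taken_ms), ...]} for token POSTs at or over budget."""
    fields, slow = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # header can reappear after an IIS restart
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                    # skip truncated or malformed rows
        row = dict(zip(fields, parts))
        if row.get("cs-method") != "POST":
            continue
        if TOKEN_PATH_HINT not in row.get("cs-uri-stem", "").lower():
            continue
        try:
            taken = int(row["time-taken"])   # milliseconds, measured by IIS
        except (KeyError, ValueError):
            continue
        if taken >= budget_ms:
            stamp = f'{row.get("date", "?")} {row.get("time", "?")}'
            slow[row.get("s-computername", "?")].append((stamp, taken))
    return dict(slow)

if __name__ == "__main__":
    for server, hits in slow_token_requests(SAMPLE_LOG).items():
        for when, ms in hits:
            print(f"{server} {when}: token POST took {ms} ms (budget {COGNITO_BUDGET_MS} ms)")
```

`time-taken` is measured on the IIS side, so network latency to Cognito comes on top of it; pass a lower `budget_ms` to leave headroom.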
Resolution:
1. Create a new AppPool for these Cognito realms
2. Move the Cognito realm into that AppPool
3. Apply these settings to the Server, Realm and appropriate AppPool: Click here
Special Considerations:
I don't recommend applying the steps in that link if you have hundreds of realms all in the same AppPool, as it can mean IIS takes longer to start: it will not serve full pages until all the realms in the AppPool have been warmed up.
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.