High CPU usage in OpenAM 11.0.0 and 11.0.1 when encoding and decoding SAML2 messages

Last updated Jan 5, 2021

The purpose of this article is to provide assistance if you are experiencing high CPU usage on the OpenAM 11.0.0 and 11.0.1 server when encoding and decoding SAML2 messages (SAML2Utils.encodeForRedirect and SAML2Utils.decodeFromRedirect).

Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

When high CPU usage is noticed, you see many running threads in the stack trace, similar to the following example stack trace:

"http-8080-5" daemon prio=3 tid=0x017f9400 nid=0xc3 runnable [0xa627e000] java.lang.Thread.State: RUNNABLE at java.util.zip.Inflater.inflateBytes(Native Method) at java.util.zip.Inflater.inflate(Inflater.java:238) - locked <0xc0f7bff0> (a java.util.zip.ZStreamRef) at java.util.zip.Inflater.inflate(Inflater.java:256) at com.sun.identity.saml2.common.SAML2Utils.decodeFromRedirect(SAML2Utils.java:1290) at com.sun.identity.saml2.profile.IDPSingleLogout.processLogoutResponse(IDPSingleLogout.java:782) at org.apache.jsp.saml2.jsp.idpSingleLogoutRedirect_jsp._jspService(idpSingleLogoutRedirect_jsp.java:121) ...

Note

If you need help capturing stack traces, see How do I collect JVM data for troubleshooting AM? for further information.

Recent Changes

N/A

Causes

When using Oracle® JDK 1.6.x and early versions of 1.7.x, SAML2 message encoding and decoding requests (using SAML2Utils) can end up in a never-ending loop. This is caused by the way the Zlib library handles zip inflation and deflation; this can lead to stuck threads and consequently high CPU usage.

High CPU usage in OpenAM 11.0.0 and 11.0.1 when encoding and decoding SAML2 messages

Archived

Symptoms

Note

Recent Changes

Causes

Solution

See Also

Related Training

Related Issue Tracker IDs