
Oracle Identity Federation Performance Tuning

waiting too long for an error when the server is not responding, Oracle Identity Federation sets a read timeout property on the LDAP connection. If the LDAP server does not respond before the read timeout period elapses, an error is generated. Oracle Identity Federation then closes the connection, opens a new one, and re-issues the LDAP command. See "Configuring the LDAP Read Timeout Setting" in Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation.

■ Setting the High Availability (HA) LDAP Flag. When integrated with LDAP servers that are deployed in HA mode, Oracle Identity Federation must be configured to indicate that the LDAP servers are in HA mode. See "Configuring High Availability LDAP Servers" in Oracle Fusion Middleware Administrator's Guide for Oracle Identity Federation.

24.2.3 Federation Data Store Settings

When using Oracle Internet Directory as the Federation Data Store, Oracle Identity Federation creates, locates, updates and deletes federation records containing Account Linking Information. Oracle Identity Federation uses specific queries when interacting with Oracle Internet Directory, and performance can be improved by creating filters in Oracle Internet Directory. If Oracle Internet Directory is used as the Federation Data Store, the LDAP server can be tuned to improve the performance of lookup operations.

The Oracle Identity Federation server can be configured to use a Federation Store to persist Federated Identities records. The Federation server uses this store to:

■ Look up a federation record through different queries
■ Create a federation record
■ Delete a federation

In addition to the Oracle Identity Federation-related orclinmemfiltprocess filter objectclass=orclfeduserinfo, which is included by default, some Oracle Identity Federation environments might benefit from additional filters with the following formats:

    orclfedserverid=local_oif_server_id
    orclfedproviderid=providerid_of_remote_server
    orclfedfederationtype=n

where orclfedserverid denotes the Oracle Identity Federation server that is making the query, orclfedproviderid is the identifier of a remote SAML server, and orclfedfederationtype is 1 or 3. Use 1 as the value for orclfedfederationtype when Oracle Identity Federation is an Identity Provider and the remote provider is a Service Provider. Use 3 when Oracle Identity Federation is a Service Provider and the remote provider is an Identity Provider.

A deployment can be configured to work with many remote SAML servers, so there can be several orclfedproviderid filters and more than one orclfedfederationtype filter. For example:

    orclfedserverid=my_oif_server
    orclfedproviderid=http://server.example.com:7499/fed/idp
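The filter formats described above can be derived from a deployment's list of remote providers. The following is an added example, not Oracle code: the function names, the role labels "sp" and "idp", and the sample provider IDs are assumptions, and rejecting LDAP filter metacharacters is a choice made by this example rather than documented Oracle behavior.

```python
# Added example (not Oracle code): derive the extra orclinmemfiltprocess
# filter values for one deployment, in the attr=value format shown above.

# Federation type per role of the REMOTE provider, as stated on this page.
FED_TYPE = {
    "sp": 1,   # OIF is the Identity Provider, remote is a Service Provider
    "idp": 3,  # OIF is the Service Provider, remote is an Identity Provider
}

# Characters with special meaning in an LDAP search filter (RFC 4515).
FILTER_SPECIALS = set("()*\\\0")


def check_value(value, what):
    """Reject empty values and values that would change the filter's meaning."""
    if not value or FILTER_SPECIALS & set(value):
        raise ValueError(f"{what} {value!r} is empty or has filter metacharacters")
    return value


def build_filters(local_server_id, remote_providers):
    """Return the de-duplicated list of filter values.

    remote_providers: iterable of (provider_id, remote_role) pairs,
    where remote_role is "sp" or "idp".
    """
    filters = ["orclfedserverid=" + check_value(local_server_id, "server id")]
    fed_types = set()
    for provider_id, remote_role in remote_providers:
        if remote_role not in FED_TYPE:
            raise ValueError(f"unknown remote role {remote_role!r}")
        entry = "orclfedproviderid=" + check_value(provider_id, "provider id")
        if entry not in filters:
            filters.append(entry)
        fed_types.add(FED_TYPE[remote_role])
    # One federation-type filter per direction actually in use.
    filters += [f"orclfedfederationtype={n}" for n in sorted(fed_types)]
    return filters


# Constructed sample deployment: one remote IdP (listed twice) and one remote SP.
SAMPLE = [
    ("http://idp.example.org:7499/fed/idp", "idp"),
    ("http://sp.example.net:7499/fed/sp", "sp"),
    ("http://idp.example.org:7499/fed/idp", "idp"),
]

if __name__ == "__main__":
    for line in build_filters("my_oif_server", SAMPLE):
        print(line)
```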