Hi Tim,
We're seeing a similar problem on a Windows based vCenter install. Not quite the same, but similar. We see long delays in authentication for users who are using accounts from an external AD/LDAP source. Our logins for vsphere.local and local OS seem to be quite speedy.
We see something similar to this in our SSO logs (C:\ProgramData\VMware\CIS\logs\vmware-sso\vmware-sts-idmd.log):
2014-04-04 16:25:13,343 INFO [IdentityManager] Authentication succeeded for user [jgillis@CORP] in tenant [vsphere.local] in [1958] milliseconds
2014-04-04 16:27:07,631 INFO [IdentityManager] Failed to find principal [jgillis@corp.domain.com] as FSP user in tenant [vsphere.local]
2014-04-04 16:27:10,193 INFO [IdentityManager] Failed to find group [group1@corp.domain.com] as FSP group in tenant [vsphere.local]
2014-04-04 16:27:10,296 INFO [IdentityManager] Failed to find group [group2@corp.domain.com] as FSP group in tenant [vsphere.local]
... Continues on for a lot of groups ...
As you can see, there's a lengthy delay between the first "Authentication succeeded" and the first "Failed to find principal" messages. All told, the group checking appears to take only a few seconds, which is tolerable. It's unclear what happens between the first two steps, though, but seems like the area to attack.
Jason