Shibboleth SP getting progressively slower
Steve Thorpe
thorpe at mailbox.mcnc.org
Thu Jan 19 15:22:20 GMT 2012
On 1/19/12 12:01 AM, Cantor, Scott wrote:
> There's only one bottleneck I know of in the SP that is visible when you load test using a common NameID. If you send it thousands of sessions wth a common ID, there's a chokepoint in the code that doesn't handle that scenario because it's not really realisitic and I didn't handle it well.
>
> Otherwise there aren't many real chokepoints unless your session count builds up very high. If you have reasonable timeouts set to purge them routinely, they wouldn't ever build up enough to matter.
It seems likely we also encountered this bottleneck at MCNC, though it
wasn't with load testing per se. In our case we had an end-to-end (SP
-> WAYF -> IdP -> SP) Nagios monitoring check running once per minute,
24x7. Gradually over a period of a few weeks, the SP took longer and
longer to service each login request. At a certain point, they were
taking >20 seconds each, and the Nagios monitor started timing out and
complaining. We modified the configuration so the NameID was no longer
sent from the IdP to the SP, and the problem went away.
Steve
--
Steve Thorpe
Systems Programmer/Analyst, MCNC
Email: thorpe at mcnc.org
Office: 919-248-1161
Mobile: 919-724-9654
Skype/AIM: thorpe682
Connecting North Carolina's Future Today
More information about the users
mailing list