Shibboleth SP getting progressively slower

Steve Thorpe thorpe at
Thu Jan 19 15:22:20 GMT 2012

On 1/19/12 12:01 AM, Cantor, Scott wrote:
> There's only one bottleneck I know of in the SP that is visible when you load test using a common NameID. If you send it thousands of sessions wth a common ID, there's a chokepoint in the code that doesn't handle that scenario because it's not really realisitic and I didn't handle it well.
> Otherwise there aren't many real chokepoints unless your session count builds up very high. If you have reasonable timeouts set to purge them routinely, they wouldn't ever build up enough to matter.

It seems likely we also encountered this bottleneck at MCNC, though it 
wasn't with load testing per se.  In our case we had an end-to-end (SP 
-> WAYF -> IdP -> SP) Nagios monitoring check running once per minute, 
24x7. Gradually over a period of a few weeks, the SP took longer and 
longer to service each login request.  At a certain point, they were 
taking >20 seconds each, and the Nagios monitor started timing out and 
complaining.  We modified the configuration so the NameID was no longer 
sent from the IdP to the SP, and the problem went away.


Steve Thorpe
Systems Programmer/Analyst, MCNC
Email: thorpe at
Office: 919-248-1161
Mobile: 919-724-9654
Skype/AIM: thorpe682

Connecting North Carolina's Future Today

More information about the users mailing list