General Guidance on IdP Environment Sizing
cantor.2 at osu.edu
Thu Sep 27 14:58:58 EDT 2018
If the issue is LDAP performance then the sizing in question would be on that side, not the IdP. The IdP spends most of its time signing things, it's incredibly CPU bound.
I do an LDAP lookup per login, though primary authn is Kerberos protocol (much faster than LDAP), but with 200-400,000 logins per day I just have two servers live and could easily handle the load on one (physical) box.
More information about the users