Performance issue with 4.2.1
Mathew, Sunil
smathew at hbs.edu
Wed Oct 5 20:27:04 UTC 2022
Hi Scott,
We use CAS for authentication. HBS_PERSON_ID gets injected in the response header from CAS and is provided to Shibboleth using RemoteUserAuthHandler defined in web.xml
<!-- Servlet protected by container used for RemoteUser authentication -->
<servlet>
<servlet-name>RemoteUserAuthHandler</servlet-name>
<servlet-class>net.shibboleth.idp.authn.impl.RemoteUserAuthServlet</servlet-class>
<init-param>
<param-name>checkHeaders</param-name>
<param-value>HBS_PERSON_ID</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>RemoteUserAuthHandler</servlet-name>
<url-pattern>/Authn/RemoteUser</url-pattern>
</servlet-mapping>
The things that are taking the most times are in Canvas Home - Before HBS Authentication:
Shib_3.1.1_ONPREM_9-15-22 Day
Shib_3.1.1_ONPREM_9-15-22 Night
% Change from 1st test
% Change BL to AWS_9-14-22 Night
% Change BL to ONPREM_9-21-22 Night
Requests / Transactions (Bold)
# Samples
Average
99% Line
Max
Error %
# Samples
Average
99% Line
Max
Error %
Average
99% Line
Max
Average
99% Line
Max
Average
99% Line
Max
06 - /idp/Authn/RemoteUser
24,000
10
24
3,013
0.00%
48,000
9
18
57
0.00%
-10%
-25%
-98%
288
745
27,931
387
2,571
60,239
and in HBS SSO - After Authentication:
Shib_3.1.1_ONPREM_9-15-22 Day
Shib_3.1.1_ONPREM_9-15-22 Night
% Change from 1st test
% Change BL to AWS_9-14-22 Night
% Change BL to ONPREM_9-21-22 Night
Requests / Transactions (Bold)
# Samples
Average
99% Line
Max
Error %
# Samples
Average
99% Line
Max
Error %
Average
99% Line
Max
Average
99% Line
Max
Average
99% Line
Max
11 - /idp/profile/SAML2/Redirect/SSO;JSESSION_idp-1
24,000
32
62
3,033
0.00%
48,000
30
56
890
0.00%
-6%
-10%
-71%
1,000
2,672
31,631
1,081
3,900
60,680
We suspect either the RemoteUserAuthHandler or the HTML local storage might be causing the issue.
Sunil
From: Cantor, Scott <cantor.2 at osu.edu>
Date: Wednesday, October 5, 2022 at 3:35 PM
To: Shib Users <users at shibboleth.net>
Cc: Mathew, Sunil <smathew at hbs.edu>
Subject: Re: Performance issue with 4.2.1
On 10/5/22, 3:20 PM, "users on behalf of Mathew, Sunil via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
> Please let me know if anyone has noticed performance issues with the
> 4.2.1 version of Shibboleth IdP?
No, but I'm visually illterate for all intents and purposes, so your table quite honestly doesn't tell me anything I can interpret as a question relating to a specific aspect of the software.
If you narratively explain what is slower specifically, then I could speak to what's changed. If you don't know what's actually slower, then I would suggest you need to instrument things with logging and/or the metrics support to actually identify where it's slowing down specifically.
But there is little doubt for me that it's your environment, not the IdP. I've seen no substantive changes since I deployed 3.0 that weren't because of Jetty bugs/leaks, and I wouldn't have expected any.
If LDAP is involved, then I would likely be looking at your network and LDAP situation as a culprit. That stuff has definitely changed, just not in ways I ever noticed.
-- Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221005/ba3d44d5/attachment.htm>
More information about the users
mailing list