search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
748 stars 729 forks source link

[Performance] SAML2 SSO Redirect Binding: Login Page Slow Load Time at Higher Concurrency #16096

Closed Sachin-Mamoru closed 2 weeks ago

Sachin-Mamoru commented 1 year ago

Describe the issue: In SAML2 Single Sign-On (SSO) scenarios utilizing the Redirect Binding method, there is an observed issue regarding the loading time of the login page when multiple concurrent requests are made. At higher concurrency levels, the login page takes a significant amount of time to load, resulting in a suboptimal user experience and potential performance degradation.

2 Node 4 Core - SAML2 SSO Redirect Binding [Performance Test]



Scenario Name Heap Size Concurrent Users Label # Samples Error Count Error % Throughput (Requests/sec) Average Response Time (ms)
SAML2 SSO Redirect Binding 2G 1000 Identity Provider Login 11288 507 4.49 20.53 4441.42
SAML2 SSO Redirect Binding 2G 1000 Initial SAML Request 12685 2063 16.26 23.09 10758.82
SAML2 SSO Redirect Binding 2G 1000 Login Page 10704 563 5.26 21.85 23842.69
SAML2 SSO Redirect Binding 2G 1500 Identity Provider Login 1017 1017 100 11.38 60032
SAML2 SSO Redirect Binding 2G 1500 Initial SAML Request 7869 7869 100 16.01 60032
SAML2 SSO Redirect Binding 2G 2000 Identity Provider Login 1014 1014 100 12.76 60032
SAML2 SSO Redirect Binding 2G 2000 Initial SAML Request 11923 11923 100 24.12 60032.02
SAML2 SSO Redirect Binding 2G 2500 Identity Provider Login 1021 1021 100 12.28 43098.87
SAML2 SSO Redirect Binding 2G 2500 Initial SAML Request 14357 14357 100 26.05 67974.11
SAML2 SSO Redirect Binding 2G 3000 Identity Provider Login 1031 1031 100 12.83 38838.03
SAML2 SSO Redirect Binding 2G 3000 Initial SAML Request 16981 16981 100 30.59 73384.73

TID: [] [] [2023-04-16 17:53:13,865] [] WARN {org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve} - Thread [https-jsse-nio-9443-exec-262] (id=[{6}]) has been active for [609,822] milliseconds (since [4/16/23, 5:43 PM]) to serve the same request for [https://10.0.1.23/authenticationendpoint/login.do?commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=7afdb811-c44a-4a2a-91a3-f745e359dca7&relyingParty=travelocity_924&type=samlsso&sp=travelocityApp_924&isSaaSApp=false&authenticators=BasicAuthenticator%3ALOCAL] and may be stuck (configured threshold for this StuckThreadDetectionValve is [600] seconds). There is/are [500] thread(s) in total that are monitored by this Valve and may be stuck., tenantDomain=carbon.super, correlation-id=0469dd54-e218-437c-aac4-bb13a3a7308e java.lang.Throwable

How to reproduce:

  1. Run performance test for SAML2 SSO Redirect Binding with login page
  2. Run for higher concurrencies like 500, 1000 etc.
  3. Check login page response time

Expected behavior:

  1. Take around few seconds to load the page

The following are the test parameters.

Test Parameter Description Values
Scenario Name The name of the test scenario. Refer to the above table.
Heap Size The amount of memory allocated to the application 2G
Concurrent Users The number of users accessing the application at the same time. 50, 100, 150, 300, 500
IS Instance Type The AWS instance type used to run the Identity Server. c5.xlarge
IS DB Instance Type The AWS RDS instance type used. db.m4.2xlarge
JDK version The JDK version used to run the Identity Server. JDK 11.0.15.1
isharak commented 2 weeks ago

This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!