Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix performance issue with external identity provider lookup [OIDC] #2821

Closed
strehle opened this issue Apr 11, 2024 · 2 comments · Fixed by #2932 or #3017
Closed

Fix performance issue with external identity provider lookup [OIDC] #2821

strehle opened this issue Apr 11, 2024 · 2 comments · Fixed by #2932 or #3017
Assignees
@strehle
Labels
unscheduled

Comments

@strehle
Copy link
Member

strehle commented Apr 11, 2024

What version of UAA are you running?

Develop, latest UAA

What output do you see from curl <YOUR_UAA>/info -H'Accept: application/json'?

How are you deploying the UAA?

I am deploying the UAA

  • locally only using gradlew
  • using a bosh release I downloaded from bosh.io
  • using cf-release
  • using cf-deployment

What did you do?

  1. Add many external SAML or OIDC to an identity zone ( > 10.000)
  2. Perform a SAML / OIDC login
  3. Check login times / DB metrics

What did you expect to see? What goal are you trying to achieve with the UAA?

Login < 1s , without memory and/or DB issues

What did you see instead?

With SAML there are memory issues, with OIDC mainly DB issues.
Why:

This readALL pattern should be prevented and identy_provider DB should have a field like external_key (type string) with an index on it. This should solve the lookup from external token to UAA IdP.
External_key should contain entityID in case of SAML and issuer in case of OIDC/OAUTH
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/187412158

The labels on this github issue will be updated when the story is started.

@strehle strehle mentioned this issue Apr 11, 2024
Open
@strehle strehle changed the title Fix performance issue with external identity provider lookup [SAML,OIDC] Fix performance issue with external identity provider lookup [OIDC] Apr 11, 2024
@strehle strehle self-assigned this Apr 11, 2024
@strehle strehle mentioned this issue May 7, 2024
Merged
@strehle
Copy link
Member Author

strehle commented Jun 11, 2024

@hsinn0 see #2825 (comment)
I will start on a fix soon, plan is
a) add externalKey as new column into identity_provider
b) add index for externalKey and zone_id to allow a lookup from a token to the IDP.

-> externalKey is issue in case of OIDC and should be entityID in case of SAML

@strehle strehle linked a pull request Jun 17, 2024 that will close this issue
Add performance index for token resolution #2932
Merged
@strehle strehle moved this from Inbox to Pending Review | Discussion in Foundational Infrastructure Working Group Jun 17, 2024
@github-project-automation github-project-automation bot moved this from Pending Review | Discussion to Done in Foundational Infrastructure Working Group Jul 15, 2024
@strehle strehle reopened this Jul 17, 2024
@strehle strehle linked a pull request Aug 25, 2024 that will close this issue
fix: reduce DB calls in password grant flow #3017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@strehle strehle

Labels
unscheduled
Projects
Foundational Infrastructure Working Group
Archived in project
Milestone
No milestone
2 participants
@cf-gitbot @strehle