Add benchmarks to documentation #161
Comments
* warden: rename `assertion` to `token` - closes #158
* config: do not log database credentials - closes #147
* oauth2: upgrade fosite - close #160
* config: do not store database config in hydra config - closes #164
* oauth2: id_token at_hash / c_hash is null - closes #129
* jwk: improve error message of wrong system secret - closes #104
* readme: improve images, add benchmarks - closes #161
* cmd: improve connect dialogue - closes #170
* cmd: fix --dry option - closes #157
* firewall: document warden interface sdk
* readme: link openid connect and oauth2 introduction
* cmd: introduce FORCE_ROOT_CLIENT_CREDENTIALS env var - closes #140
* readme: document error redirect to identity provider - closes #96
* internal: fosite store must be consistent to avoid errors - closes #176
* client: add GetConcreteClient to http manager
* cmd: host process now logs basic information on all http requests - closes #178
* all: add memory profiling - closes #179
* warden: resolve nil pointer issue - closes #181
* cmd: clean up env to struct mapping, add more controls
* cmd: bcrypt cost should be configurable - closes #184
* cmd: token lifespans should be configurable - closes #183
* cmd: resolve issues with environment config - closes #182
* cmd: implement tls termination capability - closes #177
* cmd: resolve issues with redirect logic and TLS
* oauth2: implement default oauth2 consent endpoint - closes #185
* warden - closes #188
* oauth2: id token claims should be set by using id_token - closes #188
* oauth2: oauth2 implicit flow should allow custom protocols - closes #180
* oauth2: core scope should not be mandatory - closes #189
* warden: warden sdk should not make distinction between token and request - closes #190
* warden: rename authorized / allowed endpoints to something more meaningful - closes #162
* ci: improve travis config
Reopening to do some proper stress testing on GCE

I did another benchmark with hydra deployed on GCE. Note that all requests used http, not https. The deployment was a single VM configured as follows (:= 80$/month):
Please note that I did not add any additional policies to the store. Also, there is an effort in ladon to greatly improve the regexp-caused CPU complexity. It is possible that a future implementation will perform a lot better on warden endpoints.
In-memory
The in-memory implementation was tested.
Introspection: 500 concurrent connections
And CPU maxing at about 20%
Client Credentials: 100 concurrent connections
Getting client credentials is a very CPU expensive task, as we need to use bcrypt in order to receive tokens.
CPU is drained 100%:
Warden (with token): 500 concurrent connections
CPU drain is similar to introspection (about 20%)
Memory snapshots
Memory usage was sampled a couple of times, nothing exceeded:
PostgreSQL
Please note that the PostgreSQL database was running on the same VM as hydra. PostgreSQL configuration was not modified in any way. 500 concurrent connections returned error messages, probably because postgres was used with a limit. This is why we used 100 connections instead. The CPU drain increased due to postgres:
Introspection: 100 concurrent connections
Client Credentials: 100 concurrent connections
Warden (with token): 100 concurrent connections
Memory snapshots
Memory usage was sampled a couple of times:

For local testing:

This is resolved

JWKS endpoint (GET)
Warden allowed endpoint (POST)
Warden authorized endpoint (POST)
OAuth2 Client Credentials Flow
Note: This is much slower because the client credentials are validated using bcrypt.