You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This readALL pattern should be prevented and identy_provider DB should have a field like external_key (type string) with an index on it. This should solve the lookup from external token to UAA IdP.
External_key should contain entityID in case of SAML and issuer in case of OIDC/OAUTH
The text was updated successfully, but these errors were encountered:
What version of UAA are you running?
Develop, latest UAA
What output do you see from
curl <YOUR_UAA>/info -H'Accept: application/json'
?How are you deploying the UAA?
I am deploying the UAA
What did you do?
What did you expect to see? What goal are you trying to achieve with the UAA?
Login < 1s , without memory and/or DB issues
What did you see instead?
With SAML there are memory issues, with OIDC mainly DB issues.
Why:
SAML delegates the lookup from entiyID (external key or the SAML assertion) to spring-security-saml and in UAA there is a cache but if there are many entries there is a memory problem, e.g. https://github.com/cloudfoundry/uaa/blob/develop/server/src/main/java/org/cloudfoundry/identity/uaa/provider/saml/LoginSamlAuthenticationProvider.java#L129 reads all saml providers from DB and resolves then the needed one from SAML message (entityID)
OIDC similar readAll and filter in code, e.g. https://github.com/cloudfoundry/uaa/blob/develop/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthProviderConfigurator.java#L153-L158
This readALL pattern should be prevented and identy_provider DB should have a field like external_key (type string) with an index on it. This should solve the lookup from external token to UAA IdP.
External_key should contain entityID in case of SAML and issuer in case of OIDC/OAUTH
The text was updated successfully, but these errors were encountered: