Issue

Identity Provider experiences socket timeout errors with low CPU utilisation.


Details

During load testing of IdP, deployer observes socket timeout errors at around 355 concurrent users. Using a VM, the deployer increased processor cores from 2 to 8 and RAM from 2GB to 8GB and observed a similar result with a small variation in page response time.


Resolution

The IdP logging level was in DEBUG mode causing severe Disk IO waits, limiting the jetty process from serving additional requests concurrently. Recommend reviewing the IdP logback.xml configuration file and reverting the logger to their default logging level INFO for IdP and OpenSAML. The default LDAP logging level is WARN.


The logging configuration (at conf/logback.xml) is a reloadable service, when configured, which enables the logging service to reload without a restart of the IdP.


Links

IdP 4 Logging Configuration

    https://wiki.shibboleth.net/confluence/display/IDP4/LoggingConfiguration

IdP 3 Logging Configuration

    https://wiki.shibboleth.net/confluence/display/IDP30/LoggingConfiguration