WSO2 identity server is really slow with 2000 policies

StackOverflow https://stackoverflow.com/questions/22244543

  •  10-06-2023
  •  | 
  •  

Question

I am trying to benchmark WSO2 identity server 4.5, using postgresql, to measure how many policies can be supported without having a too bad decision time.

I have java program to upload all my policies using EntitlementPolicyAdminServiceStub from org.wso2.carbon.identity.entitlement.stub-4.2.0.jar:

adminStub.addPolicy(myPolicy)

After the 100 first policies there is an important degradation of upload time (more than 2 sec for each policy) and it gets worse with time.

For 3000 policies, WSO2 is no more responsive and, when I have a look to database statistics I can see there are more than 10^12 Tuples Returned for the all the database and 10^11 Sequential Tuples Read for the reg_resource_property table.

Is it something normal or is there a mistake in my WSO2 configuration?

Was it helpful?

Solution

Yes.. there can be some limit.. In your case, it seems to be an issue with policy storing.. By default identity server stores XACML policies in the wso2 registry.. You could see such database statistics due to that.. Because it is not like just putting policy as a database entry in a table.. As it is governance registry, there are lot things happened behind that... If you need more performance with policy storing, I guess it is better to implement a new policy store by extending the default behavior. Basically you can write a policy store to persist policies in a simple database table or even in file system. You can find the source of the Registry policy store from here.

Also, In runtime, all policies are loaded in to the memory, normally this is happened when entitlement engine is initialized.. or less any update is happened.. When number of policies are large there can be delay in retrieving policies from registry (but registry itself as caching and indexing...so may be not as slow as we think). As runtime, all policies are kept in the memory, we may need to consider about the memory footprint of the server. You can increase it using wso2server.sh file.

Also, there are some doc that has been mentioned about performance test with WSO2IS, Please refer it for more details

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top