Installation Guides › Implementation Guide › Performance Tuning › Application Tier Performance › Authentication Guidelines

Authentication Guidelines

SOA Security Manager performance during the authentication (IsAuthenticated?) step typically correlates with:

• The system resources used to service an authentication request
• The number of reads/writes, collectively known as requests, that the Policy Server makes to SOA Security Manager user directories to service an authentication request

Authentication Schemes and Authentication Performance

Different SOA Security Manager authentication schemes impose different level of SOA Agent processing overhead, which can also vary between SOA Agent types.

In general, authentication throughput is greater for authentication schemes that do not require digital signature verification or payload confidentiality.

Digital signature verification is more CPU- and data-intensive on SOA Agent for Web Servers, but also slightly impacts SOA Agents for application servers.

User Directories and Authentication Performance

You bind one or more user directory connections when configuring an application or domain. The Policy Server uses the search criteria specified in the user directory connection to verify user credentials during the authentication step.

Search expressions and queries affect user authentication performance. The more complex the LDAP expression or ODBC query defined in the user directory connection, the longer it takes the Policy Server to resolve the criteria to authenticate the user.

Note: For more information about configuring user directory connections, see the [set the co variable for your book].

Consider also the following authentication performance factors when configuring user directory connections in application or domain objects:

• The number of directory connections configured—The Policy Server searches each user directory in the application or domain until it is able to validate the user credentials. The greater the number of user directory connections, the longer it can take the Policy Server to authenticate the user.

  Evaluate ways to reduce the number of directory connections in a domain to prevent unnecessary Policy Server requests. Consider:

  • Who is requesting the resources within the domain and in which directories their information is stored
  • Combining user directories when you add an organization to your SOA Security Manager deployment
• The order in which user directory connections are listed—The Policy Server searches user directories in the order in which the application or domain lists them. Evaluate authentication priorities when determining the order of connections. Consider:
  • If a larger percentage of users access the application from a specific directory or directories
  • If a smaller group of users exists that are higher priority for authentication