4 Replies Latest reply: Nov 21, 2010 1:38 PM by Boleslaw Dawidowicz RSS

How PicketLink IDM is used in production

Valentin Roman Newbie

Hi,

 

I am interested to find out how PicketLink IDM is used in production. I am interested in some numbers and how the performance of PicketLink is with those numbers. For example:

  1. How many organization are used (10, 20, 100 ???), how many organizations are in LDAP. In this case what is the time to retrive all organizations that have an attribute with a given value (lets say "date created" is greater then last year)
  2. How many users does all these organizations have (1,000 users per organization? or maybe 100,000 users per organization?). In case of 100,000 what is the time to retrieve all users that have an attribute with a given value (lets say their "name" starts with "Jo" this feature being used in searching)
  3. How many roles are used and how many users are assigned to a given role. What is the time to retrieve the list of users that are assigned to a given role knowing that the role has 5,000 users assigned to it.

 

This list is just for example to know if someone did some performance tests with PicketLink IDM. I will be interested to know the results.

 

Thanks,

Valentin

  • 1. Re: How PicketLink IDM is used in production
    Anil Saldhana Master

    If you are interested in profiling,  your feedback will be appreciated. This is a OSS project.  Have you looked at the caching mechanism in Hibernate?

  • 2. Re: How PicketLink IDM is used in production
    Valentin Roman Newbie

    Even if the second level caching is activated for Hibernate there are still some problem with performance when you have 20,000 users and all of them have many roles assigned. I was interested to know the target usecase for PicketLink?

    If this is an OSS project does that mean that it does not suppose to support many users (10,000 - 50,000 users) and many organizations, communities and roles?

  • 3. Re: How PicketLink IDM is used in production
    Anil Saldhana Master

    The target use case is to manage identity model for JBoss projects such as GateIn, PicketLink etc.  We have not looked at performance improvements at the scale that you mention.

     

    My reference to OSS is that you have access to the code to look at and do your profiling and feed us back results/suggestions. We are not touting IDM to be like a super identity management model. It is supposed to solve IDM issues.  Performance improvements will be done as we get feedback (such as yours).

  • 4. Re: How PicketLink IDM is used in production
    Boleslaw Dawidowicz Master

    Hi,

     

    sorry for the late response. I cannot give you any numbers or benchmarks. PicketLink IDM is used in GateIn and EPP as core framework to manage users and groups. We are currently doing some profiling around cache usage and actually last week I fixed a buh related to API cache - results was not stored properly properly in RelationshipManagerImp.findRelatedGroups() method. Did you play with "JBossCacheAPICacheProviderImpl" and tried tuning JBoss Cache configuration?. Regarding hibernate store implementation we are planning to do another round of profiling soon. If you did some work in this area any contribution is highly welcome. We are also slowly gathering requirements for PLIDM usage in next version of GateIn which can trigger design improvements and some needed refactorings. If you can share experience about your PicketLink IDM adoption it would also be valuable. I would be interested to hear about things like possible API or SPI improvements and weak points in framework design. If you have any code or patches to share you can contact me directly by email: boleslaw.dawidowicz (at) redhat.com

     

    Bolek