Authentication Speed versus Flexibility: Benchmarking SSO

Gluu has been working quite a bit recently on benchmarking, and the question came up whether it's better to use the Gluu Server's built-in LDAP authentication with a custom filter, or the Jython-based "Custom Authentication Interception Script." If you are just considering throughput, the Jython script has more CPU overhead. However, it gives the organization vastly more flexibility. In the future, some organizations may support many authentication workflows. How to identify a person may vary depending on the location of the person being authenticated and what device is in their hands. Authentication attempts provide valuable data for fraud detection, which may be exposed via API interfaces. For these cases, empowering system administrators to add business logic without having to compile, build, and deploy a war/jar file can improve security and add agility.

Another consideration for benchmarking was whether to use the Gluu Server for session management. The OpenID Connect specification does not require central session management; the session is only in the browser. In the Gluu Server, central session persistence is optional. In large deployments, it's undesirable. In smaller deployments, it can be quite useful.
In the future, we may see complementary single sign-on specifications that add session management alternatives. One idea is for the OpenID Provider ("OP") to return the logout URLs to the browser, which could then notify the back-end servers that a logout has occurred. The Gluu Server also has a "Custom Logout Interception Script" that enables the OP to insert some tactical code to ensure the cleanup of resources (for example, calling an API to make sure the CA SiteMinder session is ended). In the long term, session management needs to be centralized to enable SSO where there are many autonomous websites and SSO services. Also, extending Web SSO to mobile applications is under discussion for standardization. This is critical for IoT: for example, when I log out of my tablet, can I force a logout of my TV? As the OP becomes smarter, there is a trade-off of speed and flexibility, hardware and functionality. Depending on your business requirements and the number of people you are serving, you may have to make a number of hard choices.

Article source: http://gluu.soup.io/post/440885561/Authentication-Speed-Versus-Flexibility-Benchmarking-SSO
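The browser-driven logout fan-out sketched in the article, as an added example that is not from the article or from Gluu's code: the OP returns the session's logout URLs and the browser notifies each site. The response shape, the registered-URI allowlist and the injected notifier are assumptions; the allowlist check goes beyond the text, restricting notifications to URLs the relying parties registered so a tampered or spoofed response cannot point the browser at arbitrary hosts.

```javascript
// Constructed sample: what the OP might return from its end-session endpoint
// for this browser session (shape assumed, not Gluu's actual format).
const sampleOpLogoutResponse = {
  sid: "session-123",
  logout_uris: [
    "https://app1.example.com/logout",
    "https://app2.example.com/oidc/frontchannel-logout",
    "http://app1.example.com/logout",        // cleartext: must be ignored
    "https://attacker.example.net/steal"     // not registered: must be ignored
  ]
};

// Constructed allowlist: the logout URIs each relying party registered with
// the OP. Only exact matches on scheme, host and path are notified, so the OP
// cannot be turned into a relay that makes the browser hit any URL.
const registeredLogoutUris = new Set([
  "https://app1.example.com/logout",
  "https://app2.example.com/oidc/frontchannel-logout"
]);

// Return the subset of logout_uris that are https and registered.
function selectLogoutTargets(opResponse, allowlist) {
  const targets = [];
  for (const raw of opResponse.logout_uris || []) {
    let parsed;
    try { parsed = new URL(raw); } catch (e) { continue; }   // skip malformed
    if (parsed.protocol !== "https:") continue;               // no cleartext logout
    const canonical = parsed.origin + parsed.pathname;        // drop query/fragment
    if (allowlist.has(canonical)) targets.push(canonical);
  }
  return targets;
}

// Notify each target with the session id so the RP can end the matching
// session. `notifier` is injected (fetch() in a browser, a stub in tests);
// every target is attempted even if one fails, and the outcome is returned so
// the OP can record which RPs were not reached.
async function notifyLogout(opResponse, allowlist, notifier) {
  const results = {};
  for (const target of selectLogoutTargets(opResponse, allowlist)) {
    const notifyUrl = target + "?sid=" + encodeURIComponent(opResponse.sid);
    try {
      await notifier(notifyUrl);
      results[target] = "notified";
    } catch (e) {
      results[target] = "failed";
    }
  }
  return results;
}
```

In a browser the notifier would be something like `u => fetch(u, { mode: "no-cors", credentials: "include" })`, and the RP endpoint must treat the request as a hint to end its own session rather than as an authenticated command.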