For web based applications we use JASIG-CAS to provide single sign on, then
each shib IDP authenticates users using JASIG-CAS. We don't make any effort to
try and share state behind the scenes.
As far as non-web traffic is concerned we only have the ECP connections, and I
think those are fairly stateless by nature anyway.
Your welcome to contact me off-list when you return.
All the best,
Sam Jones.
On Wed, Sep 18, 2013 at 06:38:13PM +0000, Andy Swiffin wrote:
> Fairly beefy then!!
>
> Are you sharing state between the IdPs with something like Terracotta to get SSO across other services?
>
> I'm on my way to Greece at the moment so will be offline after now, but if its ok I'd like to get back in touch on my return.
> Cheers
> Andy
>
>
> >-----Original Message-----
> >From: Discussion list for Shibboleth developments [mailto:JISC-
> >[log in to unmask]] On Behalf Of Sam Jones
> >Sent: 18 September 2013 17:18
> >To: [log in to unmask]
> >Subject: Re: tomcat tuning for a busy IdP
> >
> >Sure,
> >
> >In the AJP/1.3 connector configuration for Tomcat we have:
> >maxThreads="1000".
> >We also increased the amount of memory available to the JVM to 8192m. In
> >HTTPD we set MaxClients to 700.
> >
> >We actually run 5 Shib IDPs because we needed a seperate one for each of
> >the Office 365 domains.
> >
> >The service is hosted on 2 physical machines in an active-passive failover
> >configuration. Each host has 12 cores and 16GB of memory.
> >
> >All the best,
> >
> >Sam Jones.
> >
> >
> >On Wed, Sep 18, 2013 at 12:58:17PM +0000, Andy Swiffin wrote:
> >> Thanks Sam, that's interesting.
> >>
> >> Do you have some numbers of what you set things to that you could let us
> >have?
> >>
> >> Cheers
> >> Andy
> >>
> >>
> >>
> >> > -----Original Message-----
> >> > From: Discussion list for Shibboleth developments [mailto:JISC-
> >> >[log in to unmask]] On Behalf Of Sam Jones
> >> > Sent: 18 September 2013 12:01
> >> > To: [log in to unmask]
> >> > Subject: Re: tomcat tuning for a busy IdP ...
> >> > As a part of federating access to Office 365 we made a series of
> >> >performance improvements, largely to handle the additional load
> >generated by ECP traffic.
> >> >
> >> > We:
> >> > * Upped the memory limit and thread limit for Tomcat.
> >> > * Increased the maxclient limit for HTTPD.
> >> >
> >> >...
> >> > Sam Jones.
> >>
> >>
> >> The University of Dundee is a registered Scottish Charity, No:
> >> SC015096
>
>
> The University of Dundee is a registered Scottish Charity, No: SC015096
|