  1. OpenAM
  2. OPENAM-12571

Docs: some slight inaccuracies around stateless sessions



    Description

      There are a few inaccuracies around stateless sessions in the current docs that should be fixed.

      1. The authentication and SSO guide says:

      For stateless sessions, the iPlanetDirectoryPro cookie is considerably larger—approximately 2000 bytes or more

      This depends on the configuration options. If you follow the advice in the box for configuring stateless sessions for Agents 5 then the tokens end up being around 780 bytes in either case.

      2. The section on choosing between stateful and stateless says:

      Stateless sessions must send a larger cookie to the AM server, and the JWT in the stateless session cookie must be decrypted. The decryption operation can significantly impact AM server performance, reducing the number of session validations per second per host.

      I don't think this is actually true, unless using particularly slow options like RSA. We should check what performance test figures we have and what options were used. Microbenchmarks for the JWT library suggest that HMAC (HS256) verification and/or AES direct decryption take around 25 microseconds each, so should be faster than a CTS lookup. (Both stateful and stateless perform caching, so I'd expect similar results when the session is in the cache).
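
An added example, not part of the original issue and not code from OpenAM or its JWT library: a standard-library Python sketch of the per-request work an HS256-signed session token requires, with a small timing harness. It covers only HMAC verification (not AES decryption); the key, claim names and filler are constructed, and absolute timings depend on runtime and hardware.

```python
import base64, hashlib, hmac, json, timeit

KEY = bytes(range(32))  # constructed demo key, not a real secret
CLAIMS = {"sub": "demo-user", "realm": "/", "exp": 1700000000,
          "props": "x" * 500}  # constructed filler standing in for session state

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims, key):
    parts = [json.dumps(obj, separators=(",", ":")).encode()
             for obj in ({"typ": "JWT", "alg": "HS256"}, claims)]
    signing_input = ".".join(b64url(p) for p in parts)
    tag = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)

def verify_hs256(token, key):
    """Return the claims when the HS256 tag checks out, otherwise None."""
    try:
        header_b64, payload_b64, tag_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        tag = b64url_decode(tag_b64)
        signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return json.loads(b64url_decode(payload_b64))

def microseconds_per_verify(token, key, runs=20000):
    total = timeit.timeit(lambda: verify_hs256(token, key), number=runs)
    return total / runs * 1e6

if __name__ == "__main__":
    token = sign_hs256(CLAIMS, KEY)
    print(f"token size: {len(token)} bytes")
    print(f"verify: {microseconds_per_verify(token, KEY):.1f} microseconds per call")
```
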
       


          People

            cristina.herraz Cristina Herraz [X] (Inactive)
            neil.madden Neil Madden