Accessing the /users endpoint for the first time causes access to the configuration directory related to delegation.
This may not be a functional issue, but from a scalability standpoint it puts a lot of load on the configuration directory when a users endpoint is accessed. There is no such config LDAP activity from the /authenticate or /session endpoints (if OPENAM-13330 is not hit).
- Install AM, create a /external realm
- Authenticate to /external realm
- Access the users endpoint /users/<user> on this realm
- Check the Config LDAP access log and notice that the first time the users endpoint is accessed, the configuration directory is accessed.
The issue is that these accesses look the same and ideally should be cached. Put another way, since the session belongs to the same user, that user should not be causing delegation checks on themselves.
Something similar from 6.0 -> 7.0
Most of the delegation checks seem to be due to getMemberships().