Hi Paul,

Yes we are using the embedded tomcat. And, yes we did see memory leak
issues.

With limited troubleshooting resources we resorted to scheduling a cron to
restart the cas service nightly during off-hours. Not an ideal solution but
it has been working for us. Sign-in tickets are preserved between restarts
with redis ticket registry. We will likely revisit it during the next major
update cycle.



On Mon, Jul 15, 2024 at 11:29 AM Paul Taylor <ptay...@vinu.edu> wrote:

> John and Ocean,
>
> Thank you for your updates. We are getting ready to move from CAS 6.6.0 to
> CAS 7.0.5 and I was running into the same issues with slow login times.
> Setting `server.tomcat.background-processor-delay=0s` seems to eliminate
> the performance issue in our case as well.
>
> I am curious if either of you are running CAS using the embedded tomcat
> container. The pull request that you referenced suggests there would/could
> be an issue with memory usage when using this setting.
>
> Thank you,
>
> Paul Taylor
> Senior Systems Analyst
> Vincennes University
>
> On Friday, March 15, 2024 at 7:48:05 AM UTC-4 John Shrader wrote:
>
>> Thank you for the update and advice. I tested in our dev environment and
>> saw no noticeable issues, but the safer option is preferred. I've updated
>> to using server.tomcat.background-processor-delay=0s  property and the
>> performance issues with SAML are still resolved.
>>
>> On Thu, Mar 14, 2024 at 4:35 PM Ocean Liu <li...@whitman.edu> wrote:
>>
>>> Hi John,
>>>
>>> We want to let you know we *removed* that configuration (which excludes
>>> the EmbeddedWebServerFactoryCustomizerAutoConfiguration) in our
>>> environment.
>>> We added server.tomcat.background-processor-delay=0s configuration, and
>>> it fixed the performance issue.
>>> This option is safer and has less impact.
>>>
>>> From a Unicon support:
>>>
>>> If you are deploying with an embedded tomcat container, excluding that
>>> component is likely catastrophic to your deployment and a major red flag.
>>>
>>> Without knowing what that exclusion does, this should and could very
>>> severely jeopardize the stability of your deployment.
>>>
>>> I would suggest that you remove the exclusion and instead set this:
>>> server.tomcat.background-processor-delay=0s
>>> You can follow the conversation here:
>>> https://github.com/apereo/cas/pull/5652
>>>
>>> Cheers,
>>> ​
>>>
>>
>>>
>>> On Thursday, March 14, 2024 at 10:14:58 AM UTC-7 John Shrader wrote:
>>>
>>>> Ocean,
>>>>
>>>> Thank you for this suggestion. I've been dealing with slow and CPU
>>>> intensive SAML response generation since switching to 7.0.x. Adding that to
>>>> my cas.properties fixed the problem entirely.
>>>>
>>>> On Wednesday, March 13, 2024 at 2:01:13 PM UTC-4 Ocean Liu wrote:
>>>>
>>>>> Thank you for sharing your insights!
>>>>>
>>>>> Though it’s been nearly 4 years since your original post, we wanted to
>>>>> provide an update on our progress.
>>>>>
>>>>> We’re currently in the process of migrating from CAS 5.3 to CAS 7.
>>>>> During testing, we noticed an issue where CAS 7 took over 6 seconds to
>>>>> generate the SAMLResponse XML, with CPU usage exceeding 120% on an AWS EC2
>>>>> instance with 1 vCPU.
>>>>>
>>>>> We experimented with the
>>>>> spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.web.embedded.EmbeddedWebServerFactoryCustomizerAutoConfiguration
>>>>> .
>>>>> Surprisingly, this resulted in a significant improvement, reducing
>>>>> response time to just *150ms* and lowering CPU usage to *11%*.
>>>>>
>>>>> It’s worth noting that CAS 7 utilizes Spring Boot 3.2, there may still
>>>>> be performance-related challenges with the embedded Tomcat auto
>>>>> configuration at this time.
>>>>>
>>>>> While we would have liked to create a minimal sample to submit to
>>>>> Spring Boot, our current focus is on completing the upgrade within our
>>>>> timeline constraints.
>>>>>
>>>>> Best,
>>>>>
>>>>> Ocean
>>>>> ​
>>>>>
>>>>> On Tuesday, March 24, 2020 at 6:10:15 AM UTC-7 John Bond wrote:
>>>>>
>>>>>>
>>>>>> Following up on this thread, it seems we have managed to reduce the
>>>>>> lag on our infrastructure by adding the following to
>>>>>> /et/cas/config/cas.properties
>>>>>>
>>>>>>   
>>>>>> spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.web.embedded.EmbeddedWebServerFactoryCustomizerAutoConfiguration
>>>>>>
>>>>>> I'm unsrue why this fixed the issue however i came across the
>>>>>> suggestion while attempting to configure a standalone war to work with an
>>>>>> external tomcat instance and hitting an error regarding a missing
>>>>>> method.
>>>>>>
>>>>>> <https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/wLuzUAxJGkU>
>>>>>>
>>>>>>
>>>>>> Adding the above config fixed the issue with the with the external
>>>>>> instance of tomcat however it also significantly reduced the lag we
>>>>>> observed when using the embeded war. If anyone is able to provide insight
>>>>>> into why this config parameter helped i would be intrested
>>>>>>
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>
>>
>> --
>> John Shrader
>> Administrator of Network Systems
>> Northwest State Community College
>> 22600 State Route 34
>> Archbold, OH 43502
>> (419) 267-1299
>> jshr...@northweststate.edu
>>
>

-- 
John Shrader
Administrator of Network Systems
Northwest State Community College
22600 State Route 34
Archbold, OH 43502
(419) 267-1299
jshra...@northweststate.edu

-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOkBwvdfvR9gGRkyVV0Vh%2BXtHEPNZkKt7O4nuQeTavAQS7L-ZA%40mail.gmail.com.

Reply via email to