Hello Ray, First of all, thank you for your response. After sending this mail, i set up and ran the command with 200 concurrent request with 75 query per second with the tool i mentioned. First few times no 404's but after running the command 3rd or 4th time, 404's started appearing on the display and reporting it to me at the end of the test. About the query per second setting of this mini tool, it shows the reached query per second statistics when completed. So i can safely assume that it does the qps thing (i can't say if it can reach given count though)
I chose this tool called oha for the convenience and the display of the progress and results, but after your reply, i will try and use jmeter with the mentions on the docs. I think i'm trying a really niche case (using 1 user's TGT to call concurrent requests to ST generation endpoint). I'll check and get back on this. Thanks and a have good day YG 10 Ağustos 2024 Cumartesi tarihinde saat 05:49:54 UTC+3 itibarıyla Ray Bon şunları yazdı: > Yusuf, > > How long did the test run before the 400's? > Do you experience this when only one cas server is running? > Is that really 75 queries per second? > > > You might want to try jMeter load tests included with the cas project, > https://github.com/apereo/cas/tree/6.6.x/etc/loadtests > This way you can have more than one user and service. > > Ray > > On Fri, 2024-08-09 at 11:17 -0700, Y G wrote: > > Hello all, > I'm having a weird issue when doing a light load testing for a CAS with > Hazelcast enabled. > > The steps i took: > 1. Get a TGT for one user (by making a HTTP POST the /cas/v1/tickets with > username and password like explained here > <https://apereo.github.io/cas/6.6.x/protocol/REST-Protocol-Request-TicketGrantingTicket.html> > ) > 2. Using one TGT, repeatedly call the ST generation rest endpoint (HTTP > POST to */cas/v1/tickets/{{TGT}}?service={{MY-VALID-SERVICE-URL}}* like > explained here > <https://apereo.github.io/cas/6.6.x/protocol/REST-Protocol-Request-ServiceTicket.html>) > > by using this mini http load testing tool called *oha* > <https://github.com/hatoo/oha/releases>(couldn't make ab work) these bash > codes: > > export TGT={{TGT-VALUE- FROM-FIRST-STEP}} > > ./oha -m POST \ *-> makes > a post request* > --insecure \ *-> > allow insecure ssl * > -H "Content-Type: application/x-www-form-urlencoded" \ > -H "Accept: text/plain" \ * -> add > header* > -n 1000 \ *-> > total number of requests * > -q 75 \ *-> > QUERY_PER_SECONDcount* > -c 500 \ * > -> concurrent request count* > --latency-correction \ > https://localhost:8443/cas/v1/tickets/$TGT?service=https://localhost:8443 > > > *[image: oha-screenshot.png]* > > after a few couple of 100% successful HTTP 200 response codes, i started > seeing * HTTP 400 response*s that returns*:* > *"TGT-1-********4ij6IiQ-myhostname could not be found or is considered > invalid"* > > i checked the logs and only see INVALID_TICKET and > REST_API_SERVICE_TICKET_FAILED audit logs, couldn't see any more > information even if setting the log level to `trace`. > > i tried debugging it on the cas-overlay what i could find is an > InvalidTicketException thrown, and i couldn't find where is was thrown, and > can not see the code beyond the > CentralAuthenticationService.grantServiceTicket method (i couldn't find the > implementation class of this, anybody know this?) > > i even tested this issue on a 3 node cas cluster with embedded hazelcast's > properly set up and have the same problem. I tried setting > *cas.ticket.registry.core.enable-locking* to false (docs > <https://apereo.github.io/cas/6.6.x/ticketing/Hazelcast-Ticket-Registry.html>)and > > see any changes, only see that 404's converting to timeouts (did not give a > long timeout but nonetheless) > > I read about > https://apereo.github.io/cas/6.6.x/ticketing/Ticket-Registry-Locking.html > but i need more knowledge about this topic so here are my questions: > > 1. What's your opinion of this behaviour? why do you think this happens? > Does this issue really about this registry-locking? > 2. For a memory backed ticket registry, docs say (and i checked, it works) > default ticket registry implementation does its thing and it works for > single node with no problems on load, but what about clustered and > hazelcast-backed ticket registry??? has it been implemented? > 3. I tried debugging the cas-overlay project but could not properly walk > the stacktrace, anybody can show me the implementation of this interface > method: CentralAuthenticationService.grantServiceTicket? what does this > code do and where, and how to debug it? > > > Thanks for your patience and have a nice weekend. > Yusuf > > > > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a4030956-3b66-42f4-80f6-dbc9f1f4d129n%40apereo.org.
