Load tests for GovSSO service (both Ory Hydra and GovSSO-Session).
- Java 17 JDK
- Check out GovSSO-Session and follow the instructions in README.md to bring up the Docker Compose containers with the required services.
- If reading this in IntelliJ IDEA, enable Mermaid.js support in Markdown files.
```mermaid
flowchart LR
USER((User))
BROWSER[Browser]
TARA[TARA]
USER---BROWSER
BROWSER-->CLIENT_APP
subgraph Institution
CLIENT_APP[Client Application]
end
BROWSER--->GOVSSO
BROWSER--->OIDC
subgraph GOVSSO service
GOVSSO[GOVSSO SESSION]
OIDC[GOVSSO OIDC]
GOVSSO--->OIDC
end
BROWSER--->TARA
GOVSSO-->TARA
CLIENT_APP<-->GOVSSO
```
```mermaid
sequenceDiagram
actor User Agent
participant Client Application
participant GOVSSO SESSION
participant GOVSSO OIDC
participant TARA
User Agent->>Client Application:1. Log in: client/oauth2/authorization
activate User Agent
activate Client Application
Client Application-->>Client Application: No session. Start Authorize Code Flow.
Client Application-->>User Agent: Redirect: govsso-oidc/oauth2/auth
deactivate Client Application
User Agent->>GOVSSO OIDC: 2. Get: govsso-oidc/oauth2/auth
activate GOVSSO OIDC
GOVSSO OIDC-->>User Agent: Redirect: govsso/login/init?login_challenge
deactivate GOVSSO OIDC
User Agent->>GOVSSO SESSION: 3. Get: govsso/login/init?login_challenge
activate GOVSSO SESSION
GOVSSO SESSION->>GOVSSO OIDC: Get Login Request Info.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>GOVSSO SESSION: Check if GOVSSO session exists?
GOVSSO SESSION-->>User Agent: Redirect: tara/oidc/authorize
deactivate GOVSSO SESSION
User Agent->>TARA: 4. Get: tara/oidc/authorize
activate TARA
TARA-->>TARA: Authentication in TARA.
TARA-->>User Agent: Redirect: govsso/login/taracallback
deactivate TARA
User Agent->>GOVSSO SESSION: 5. Get: govsso/login/taracallback
activate GOVSSO SESSION
GOVSSO SESSION->>GOVSSO OIDC: Get Login Request Info.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION->>TARA: TARA identity token request.
activate TARA
TARA-->>GOVSSO SESSION:
deactivate TARA
GOVSSO SESSION->>GOVSSO OIDC: Accept login.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>User Agent: Redirect: govsso-oidc/oauth2/auth?login_verifier
deactivate GOVSSO SESSION
User Agent->>GOVSSO OIDC: 6. Get: govsso-oidc/oauth2/auth?login_verifier
activate GOVSSO OIDC
GOVSSO OIDC-->>User Agent: Redirect: govsso/consent/init
deactivate GOVSSO OIDC
User Agent->>GOVSSO SESSION: 7. Get: govsso/consent/init
activate GOVSSO SESSION
GOVSSO SESSION->>GOVSSO OIDC: Get Consent Request Info.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION->>GOVSSO OIDC: Accept consent.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>User Agent: Redirect: govsso-oidc/oauth2/auth?consent_verifier
deactivate GOVSSO SESSION
User Agent->>GOVSSO OIDC: 8. Get: govsso-oidc/oauth2/auth?consent_verifier
activate GOVSSO OIDC
GOVSSO OIDC-->>User Agent: Redirect: client/oauth/code
deactivate GOVSSO OIDC
User Agent->>Client Application: 9. Get: client/oauth/code
activate Client Application
Client Application->>GOVSSO OIDC: GOVSSO identity token request.
activate GOVSSO OIDC
GOVSSO OIDC-->>Client Application:
deactivate GOVSSO OIDC
Client Application-->>Client Application: Create session.
Client Application-->>User Agent: Logged in. Redirect: client/dashboard
deactivate Client Application
User Agent->>Client Application: 10. Get: client/dashboard
activate Client Application
Client Application-->>User Agent:
deactivate Client Application
deactivate User Agent
```
```mermaid
sequenceDiagram
actor User Agent
participant Client Application
participant GOVSSO SESSION
participant GOVSSO OIDC
User Agent->>Client Application:1. Log in: client/oauth2/authorization
activate User Agent
activate Client Application
Client Application->>GOVSSO OIDC: No session. Start Authorize Code Flow
activate GOVSSO OIDC
GOVSSO OIDC-->>Client Application:
deactivate GOVSSO OIDC
Client Application-->>User Agent: Redirect: govsso-oidc/oauth2/auth
deactivate Client Application
User Agent->>GOVSSO OIDC: 2. Get: govsso-oidc/oauth2/auth
activate GOVSSO OIDC
GOVSSO OIDC-->>User Agent: Redirect: govsso/login/init?login_challenge
deactivate GOVSSO OIDC
User Agent->>GOVSSO SESSION: 3. Get: govsso/login/init?login_challenge
activate GOVSSO SESSION
GOVSSO SESSION->>GOVSSO OIDC: Get Login Request Info.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>GOVSSO SESSION: Check if GOVSSO session exists?
GOVSSO SESSION->>GOVSSO OIDC: Session found. Get Active Consents.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>GOVSSO SESSION: Check if valid consent exists?
GOVSSO SESSION-->>User Agent: Consent exists. Return continue/reauthenticate view.
deactivate GOVSSO SESSION
User Agent->>GOVSSO SESSION: 4. Post: govsso/login/continuesession
activate GOVSSO SESSION
GOVSSO SESSION->>GOVSSO OIDC: Get Login Request Info.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION->>GOVSSO OIDC: Get active consents.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>GOVSSO SESSION: Check if valid consent exists?
GOVSSO SESSION->>GOVSSO OIDC: Accept Login.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>User Agent: Redirect: govsso-oidc/oauth2/auth?login_verifier
deactivate GOVSSO SESSION
User Agent->>GOVSSO OIDC: 5. Get: govsso-oidc/oauth2/auth?login_verifier
activate GOVSSO OIDC
GOVSSO OIDC-->>User Agent: Redirect: govsso/consent/init
deactivate GOVSSO OIDC
User Agent->>GOVSSO SESSION: 6. Get: govsso/consent/init
activate GOVSSO SESSION
GOVSSO SESSION->>GOVSSO OIDC: Get Consent Request Info.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION->>GOVSSO OIDC: Accept consent.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>User Agent: Redirect: govsso-oidc/oauth2/auth?consent_verifier
deactivate GOVSSO SESSION
User Agent->>GOVSSO OIDC: 7. Get: govsso-oidc/oauth2/auth?consent_verifier
activate GOVSSO OIDC
GOVSSO OIDC-->>User Agent: Redirect: client/oauth/code
deactivate GOVSSO OIDC
User Agent->>Client Application: 8. Get: client/oauth/code
activate Client Application
Client Application->>GOVSSO OIDC: GOVSSO identity token request.
activate GOVSSO OIDC
GOVSSO OIDC-->>Client Application:
deactivate GOVSSO OIDC
Client Application-->>Client Application: Create session.
Client Application-->>User Agent: Logged in. Redirect: client/dashboard
deactivate Client Application
User Agent->>Client Application: 9. Get: client/dashboard
activate Client Application
Client Application-->>User Agent:
deactivate Client Application
deactivate User Agent
```
```mermaid
sequenceDiagram
actor User Agent
participant Client Application
participant GOVSSO SESSION
participant GOVSSO OIDC
User Agent->>Client Application:1. Start silent refresh. Post client/oauth2/refresh/govsso
activate User Agent
activate Client Application
Client Application-->>Client Application: Client application session check. Start Refresh Token Flow.
Client Application-->>GOVSSO OIDC: post /token
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO OIDC: Refresh token session check. New refresh token and ID token.
GOVSSO OIDC-->>Client Application:
deactivate GOVSSO OIDC
Client Application-->>Client Application: Store new refresh token and ID token.
Client Application-->>User Agent: Signal user agent that the session update request was successful.
deactivate Client Application
deactivate User Agent
```
```mermaid
sequenceDiagram
actor User Agent
participant Client Application
participant GOVSSO SESSION
participant GOVSSO OIDC
User Agent->>Client Application:1. Logout: client/oauth/logout
activate User Agent
activate Client Application
Client Application-->>Client Application: End session
Client Application-->>User Agent: Redirect: govsso-oidc/oauth2/sessions/logout?id_token_hint
deactivate Client Application
User Agent->>GOVSSO OIDC:2. Get: govsso-oidc/oauth2/sessions/logout?id_token_hint
activate GOVSSO OIDC
GOVSSO OIDC-->>User Agent: Redirect: govsso/logout/init?logout_challenge
deactivate GOVSSO OIDC
User Agent->>GOVSSO SESSION:3. Get: govsso/logout/init?logout_challenge
activate GOVSSO SESSION
GOVSSO SESSION->>GOVSSO OIDC: Get Logout Request Info.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
GOVSSO SESSION->>GOVSSO OIDC: Get Active Consents.
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>GOVSSO SESSION: Check if session related consents exist?
GOVSSO SESSION->>GOVSSO OIDC: No session related consents. Accept logout.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>User Agent: Redirect: govsso-oidc/oauth2/sessions/logout?logout_verifier
deactivate GOVSSO SESSION
User Agent->>GOVSSO OIDC:4. Get: govsso-oidc/oauth2/sessions/logout?logout_verifier
activate GOVSSO OIDC
GOVSSO OIDC-->>User Agent: Redirect: client/redirecturl
deactivate GOVSSO OIDC
User Agent->>Client Application:5. Get: client/redirecturl
activate Client Application
Client Application-->>User Agent:
deactivate Client Application
deactivate User Agent
```
```mermaid
sequenceDiagram
actor User Agent
participant Client A Application
participant GOVSSO SESSION
participant GOVSSO OIDC
participant Client B Application
User Agent->>Client A Application:1. Logout: client/oauth/logout
activate User Agent
activate Client A Application
Client A Application-->>Client A Application: End session
Client A Application-->>User Agent: Redirect: govsso-oidc/oauth2/sessions/logout?id_token_hint
deactivate Client A Application
User Agent->>GOVSSO OIDC:2. Get: govsso-oidc/oauth2/sessions/logout?id_token_hint
activate GOVSSO OIDC
GOVSSO OIDC-->>User Agent: Redirect: govsso/logout/init?logout_challenge
deactivate GOVSSO OIDC
User Agent->>GOVSSO SESSION:3. Get: govsso/logout/init?logout_challenge
activate GOVSSO SESSION
GOVSSO SESSION->>GOVSSO OIDC: Get Logout Request Info.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
GOVSSO SESSION->>GOVSSO OIDC: Get Active Consents.
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>GOVSSO SESSION: Check if session related consents exist?
GOVSSO SESSION->>GOVSSO OIDC: Session related consents found. Delete consent for logout requested client.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>User Agent: Return logout view
deactivate GOVSSO SESSION
alt continue sessions
User Agent->>GOVSSO SESSION:4. Post: govsso/logout/continuesession
activate GOVSSO SESSION
Note right of GOVSSO SESSION: No additional consents are deleted
GOVSSO SESSION->>GOVSSO OIDC: Get Logout Request Info.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>User Agent: Redirect: client/redirecturl
deactivate GOVSSO SESSION
else end all sessions
User Agent->>GOVSSO SESSION:4. Post: govsso/logout/endsession
activate GOVSSO SESSION
GOVSSO SESSION->>GOVSSO OIDC: Get Logout Request Info.
activate GOVSSO OIDC
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION->>GOVSSO OIDC: Accept logout.
activate GOVSSO OIDC
GOVSSO OIDC--)Client B Application: Back Channel logout.
activate Client B Application
Client B Application-->>Client B Application: End Session
deactivate Client B Application
GOVSSO OIDC-->>GOVSSO SESSION:
deactivate GOVSSO OIDC
GOVSSO SESSION-->>User Agent: Redirect: client/redirecturl
deactivate GOVSSO SESSION
end
User Agent->>Client A Application:5. Get: client/redirecturl
activate Client A Application
Client A Application-->>User Agent:
deactivate Client A Application
deactivate User Agent
```
Parameter | Mandatory | Default value | Description, example |
---|---|---|---|
gatling.simulationClass | Yes | | Simulation to execute. Example ee.ria.govsso.perftest.MultiClientSimulation |
injectorProfile | No | RAMP_USERS | Injector profile to execute. Any of RAMP_USERS, STRESS_RAMP_USERS, STRESS_PEAK_USERS |
clientA | No | https://clienta.localhost:11443 | Client A URL. |
clientB | No | https://clientb.localhost:12443 | Client B URL. |
maxSessionTime | No | 43200 | Maximum session time in seconds that is allowed by GovSSO-Session service. |
sessionRefreshInterval | No | 780 | Session refresh interval in seconds. |
sessionRefreshWithPause | No | false | Simulate session refresh flow with actual pauses between intervals. Example: If sessionRefreshInterval=15, maxSessionTime=12 and sessionRefreshWithPause=false, then session refresh flow is performed N=43200/780=55 times, without pauses in between. |
```mermaid
sequenceDiagram
actor User Agent
participant Client Application A
participant GOVSSO
User Agent->>Client Application A: Login
activate User Agent
Client Application A->>GOVSSO:
Note over Client Application A,GOVSSO: Authentication flow
GOVSSO-->>Client Application A:
Client Application A-->>User Agent:
deactivate User Agent
```
```mermaid
sequenceDiagram
actor User Agent
participant Client Application A
participant GOVSSO
User Agent->>Client Application A: Login
activate User Agent
Client Application A->>GOVSSO:
Note over Client Application A,GOVSSO: Authentication flow
GOVSSO-->>Client Application A:
Client Application A-->>User Agent:
User Agent->>Client Application A: Refresh
activate User Agent
Client Application A->>GOVSSO:
Note over Client Application A,GOVSSO: Refresh session flow
GOVSSO-->>Client Application A:
Client Application A-->>User Agent:
deactivate User Agent
```
```mermaid
sequenceDiagram
actor User Agent
participant Client Application A
participant GOVSSO
User Agent->>Client Application A: Login
activate User Agent
Client Application A->>GOVSSO:
Note over Client Application A,GOVSSO: Authentication flow
GOVSSO-->>Client Application A:
Client Application A-->>User Agent:
loop Repeat N times, with/without pause
User Agent-)Client Application A: Refresh
Client Application A-)GOVSSO:
Note over Client Application A,GOVSSO: Refresh session flow
GOVSSO--)Client Application A:
Client Application A--)User Agent:
end
User Agent->>Client Application A: Logout
Client Application A->>GOVSSO:
Note over Client Application A,GOVSSO: Logout flow
GOVSSO-->>Client Application A:
Client Application A-->>User Agent:
deactivate User Agent
```
```mermaid
sequenceDiagram
actor User Agent
participant Client Application A
participant Client Application B
participant GOVSSO
User Agent->>Client Application A: Login
activate User Agent
Client Application A->>GOVSSO:
Note over Client Application A,GOVSSO: Authentication flow
GOVSSO-->>Client Application A:
Client Application A-->>User Agent:
User Agent->>Client Application B: Login
Client Application B->>GOVSSO:
Note over Client Application B,GOVSSO: Continue authentication flow
GOVSSO-->>Client Application B:
Client Application B-->>User Agent:
loop Repeat N times, with/without pause
User Agent-)Client Application A: Refresh
Client Application A-)GOVSSO:
Note over Client Application A,GOVSSO: Refresh session flow
GOVSSO--)Client Application A:
Client Application A--)User Agent:
User Agent-)Client Application B: Refresh
Client Application B-)GOVSSO:
Note over Client Application B,GOVSSO: Refresh session flow
GOVSSO--)Client Application B:
Client Application B--)User Agent:
end
User Agent->>Client Application A: Logout
Client Application A->>GOVSSO:
Note over Client Application A,GOVSSO: Logout with continue sessions flow
GOVSSO-->>Client Application A:
Client Application A-->>User Agent:
User Agent->>Client Application B: Logout
Client Application B->>GOVSSO:
Note over Client Application B,GOVSSO: Logout flow
GOVSSO-->>Client Application B:
Client Application B-->>User Agent:
deactivate User Agent
```
Read more about Injection profiles.
This performance test contains some predefined injector profiles for executing the scenario.
TODO: Explain reasoning and add illustrative gatling response time reports.
Injects users distributed evenly over a given duration.
Parameter | Mandatory | Default value | Description, example |
---|---|---|---|
duration | No | 3600 | Duration of each ramping stage. |
rampUsers | No | 5 | Number of users distributed evenly on given duration. |
```java
injectOpen(
    rampUsers(rampUsers).during(ofSeconds(duration))
)
```
Injects users at a constant rate in stages, defined in users per second, during a given duration. Users will be injected at randomized intervals.
Parameter | Mandatory | Default value | Description, example |
---|---|---|---|
duration | No | 3600 | Duration of each ramping stage. |
startRampUsers | No | 0 | Users at start stage. |
rampUsers | No | 5 | Number of users to ramp up at each stage. |
maxRampUsers | No | 30 | Max users at peak stage. |
Example:

```
duration = 120
startRampUsers = 30
rampUsers = 10
maxRampUsers = 60
```

Will generate injector profile:

```java
injectOpen(
    constantUsersPerSec(30).during(ofSeconds(120)).randomized(),
    constantUsersPerSec(40).during(ofSeconds(120)).randomized(),
    constantUsersPerSec(50).during(ofSeconds(120)).randomized(),
    constantUsersPerSec(60).during(ofSeconds(120)).randomized(),
    constantUsersPerSec(50).during(ofSeconds(120)).randomized(),
    constantUsersPerSec(40).during(ofSeconds(120)).randomized(),
    constantUsersPerSec(30).during(ofSeconds(120)).randomized()
)
```
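
The staged profile above follows mechanically from its four parameters, and the load it implies on the refresh path is worth estimating before a run. The following is an added example, not code from the GovSSO project: it derives the stage rates for the worked values, prints the resulting DSL, and estimates the number of injected virtual users and refresh iterations. The class name `StressRampPlan`, the clamping of the last up-step to the peak, and the model of one loop of N refreshes per user per client are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

public class StressRampPlan {

    // Stage rates (users/sec): step up from start to max, then mirror back down.
    // Assumption: the last up-step is clamped to max when (max - start)
    // is not a multiple of step; the project may handle that case differently.
    static List<Integer> stageRates(int start, int step, int max) {
        if (step <= 0 || start < 0 || max < start) {
            throw new IllegalArgumentException("need step > 0 and 0 <= start <= max");
        }
        List<Integer> up = new ArrayList<>();
        for (int r = start; r < max; r += step) {
            up.add(r);
        }
        List<Integer> rates = new ArrayList<>(up);
        rates.add(max);
        for (int i = up.size() - 1; i >= 0; i--) {
            rates.add(up.get(i));
        }
        return rates;
    }

    // Refresh iterations per virtual user, using integer division
    // as in the parameter table's N=43200/780=55.
    static int refreshCount(int maxSessionTime, int sessionRefreshInterval) {
        return maxSessionTime / sessionRefreshInterval;
    }

    public static void main(String[] args) {
        int duration = 120, start = 30, step = 10, max = 60; // worked example values
        List<Integer> rates = stageRates(start, step, max);
        long totalUsers = 0;
        StringBuilder dsl = new StringBuilder("injectOpen(\n");
        for (int i = 0; i < rates.size(); i++) {
            totalUsers += (long) rates.get(i) * duration;
            dsl.append("    constantUsersPerSec(").append(rates.get(i))
               .append(").during(ofSeconds(").append(duration).append(")).randomized()")
               .append(i < rates.size() - 1 ? ",\n" : "\n");
        }
        dsl.append(")");
        int n = refreshCount(43200, 780); // defaults from the parameter table
        System.out.println(dsl);
        System.out.println("stages=" + rates + " totalSeconds=" + rates.size() * duration);
        System.out.println("virtual users injected=" + totalUsers);
        // Assumption: every injected user runs one loop of n refreshes per client.
        System.out.println("refresh iterations per client=" + totalUsers * n);
    }
}
```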
Injects a given number of users following a smooth approximation of the Heaviside step function stretched to a given duration.
Parameter | Mandatory | Default value | Description, example |
---|---|---|---|
duration | No | 3600 | Duration of each ramping stage. |
peakUsers | No | 100000 | Number of users distributed evenly on given duration. |
```java
injectOpen(
    stressPeakUsers(peakUsers).during(ofSeconds(duration))
)
```
With default parameters:

```shell
./mvnw gatling:test -Dgatling.simulationClass=ee.ria.govsso.perftest.MultiClientSimulation
```

With custom parameters:

```shell
./mvnw gatling:test -Dgatling.simulationClass=ee.ria.govsso.perftest.MultiClientSimulation -DclientA=https://clienta.localhost:8443 -DclientB=https://clientb.localhost:9443
```