Server Tuning Advanced Tuning Configurations
24.4 Oracle HTTP Server Tuning
If Oracle Identity Federation is fronted by Oracle HTTP Server OHS, then the configuration of the HTTP Server can be tuned to increase performance. For more information on Oracle HTTP Server, see Oracle Fusion Middleware Administrators Guide for Oracle HTTP Server. The following parameters can be changed in the httpd.conf file of the OHS. For additional Oracle HTTP tuning configurations, see Chapter 5, Oracle HTTP Server Performance Tuning . Consult your use case scenarios to determine what your settings should be. ■ Timeout ■ KeepAlive ■ MaxKeepAliveRequests ■ KeepAlive TimeOut ■ MinSpareServers ■ MaxSpareServers ■ StartServers ■ MaxClients ■ MaxRequestPerChild After modifying these parameters, save and restart OHS.24.5 SAML Protocol Tuning
The Security Assertion Markup Language SAML protocol involves interacting with remote servers through the use of the Simple Object Access Protocol SOAP.24.5.1 SOAP Connections
The Oracle Identity Federation server uses the SOAP protocol to send SAML Requests and to receive SAML Responses. To optimize performance, configure the following SOAP connections: 24-6 Oracle Fusion Middleware Performance and Tuning Guide ■ Total maximum number of SOAP connections that Oracle Identity Federation can open at the same time ■ Maximum number of SOAP connections that Oracle Identity Federation can open at the same time to a given remote server For more information, see SOAP Binding in Oracle Fusion Middleware Administrators Guide for Oracle Identity Federation.24.5.2 XML Digital Signatures
The SAML and WS-Fed protocols of Oracle Identity Federation rely on XML Digital Signatures to ensure the authenticity of messages and that messages are not tampered with. When possible, sign the Assertion andor the Response to prevent any modifications. When no XML Digital Signature is present on the message, the audited message that is archived does not contain any data that proves the authenticity and integrity of the message. Configuring Oracle Identity Federation to not sign Assertion andor Response may be appropriate if: ■ Performance must be improved ■ SSL with SSL authentication is enabled for SOAP communications ■ Disabling XML Digital Signatures is compliant with company security regulations24.5.3 POST and Artifact Single Sign-On Profiles
There are two Single Sign-On profiles defined by the SAML specifications: ■ POST Profile In the POST profile, the Assertion transits through the users browser, therefore the Assertion andor the Response must be signed to ensure that the content has not been modified. ■ Artifact Profile In the Artifact profile, the Identity Provider creates a random identifier referencing the Assertion in the IdPs local store. The Assertion is provided directly from the Identity Provider to the Service Provider. That identifier is carried by the users browser and presented to the Service Provider that contacts the Identity Provider to de-reference the identifier and retrieve the corresponding Assertion. If the SOAP connection made from the SP to the IdP is encrypted using the SSL protocol with an SSL Server Certificate, then the SP authenticates the IdP and the content of the communication has not been tampered with: in this case, the Note: The content of the Assertion is viewable unless SAML 2 Encryption is used. Encrypting the Assertion is optional, but XML Encryption is resource intensive and decreases performance Note: If the performance must be improved and if using the POST profile is compliant with company security regulations, then configuring Oracle Identity Federation to use the POST profile may be an option to improve performance. Oracle Identity Federation Performance Tuning 24-7 transport layer is providing the authenticity and the integrity of the message, and the XML Digital Signature on the SAML Response and Assertion can be optional. If no XML Digital Signature is present on the message, then the audited message that is archived does not contain any data that proves the authenticity and integrity of the message. Note: Since the Artifact profile involves additional communication flow between the Service Provider and the Identity Provider, performance may be slower when using the Artifact profile.Parts
» Oracle Fusion Middleware Online Documentation Library
» Document Scope and Audience Guide to this Document
» Related Documentation Oracle Fusion Middleware Online Documentation Library
» About Identifying Top Performance Areas
» Ensure the Hardware Resources are Sufficient
» Selecting a Garbage Collection Scheme
» Disabling Explicit Garbage Collection
» Logging Low Memory Conditions
» Monitoring and Profiling the JVM
» Initialization Parameters for Oracle 10g
» Initialization Parameters for Oracle 11g
» Tuning Redo Logs Location and Sizing
» Automatic Segment-Space Management ASSM
» Reuse Database Connections Oracle Fusion Middleware Online Documentation Library
» Enable Data Source Statement Caching
» MaxClientsThreadsPerChild HTTP Connection Limits
» Setting the Maximum Number of Connections for Data Sources Tuning the WebLogic Sever Thread Pool
» Tuning Oracle WebCenter Concurrency
» Tuning BPEL Concurrency Control Concurrency
» Set Logging Levels Oracle Fusion Middleware Online Documentation Library
» About Oracle Fusion Middleware Performance Planning
» Define Operational Requirements Identify Performance Goals
» Understand User Expectations Define Your Performance Objectives
» Conduct Performance Evaluations Define Your Performance Objectives
» Design Applications for Performance and Scalability
» Monitor and Measure Your Performance Metrics
» Measuring Your Performance Metrics
» Viewing Performance Metrics Using Fusion Middleware Control
» Oracle WebLogic Server Administration Console
» WebLogic Diagnostics Framework WLDF
» Viewing Performance Metrics Using the Spy Servlet
» Oracle Process Manager and Notification Server Oracle Enterprise Manager 11g Grid Control
» Native Operating System Performance Commands Network Performance Monitoring Tools
» How Persistent Connections Can Reduce Httpd Process Availability
» Access Logging Oracle HTTP Server Logging Options
» Configuring the HostNameLookups Directive
» Error logging Oracle HTTP Server Logging Options
» Oracle HTTP Server SSL Caching
» SSL Application Level Data Encryption SSL Performance Recommendations
» Oracle HTTP Server Port Tunneling Performance Issues
» Analyze Static Versus Dynamic Requests
» Beware of a Single Data Point Yielding Misleading Results
» Beware of Having More Modules
» Monitoring Oracle HTTP Server
» DMS Nouns Common DMS Terms and Concepts
» DMS Sensors Common DMS Terms and Concepts
» DMS Availability Oracle Fusion Middleware Online Documentation Library
» DMS Architecture Overview Oracle Fusion Middleware Online Documentation Library
» Viewing Metrics Using the Spy Servlet
» Viewing metrics with JConsole
» Accessing DMS Metrics with WLDF
» DMS Execution Requests and Sub-Tasks
» DMS Execution Context Communication
» Adding and Editing Destinations
» Adding and Editing Event Routes
» Compound Operations Configuring the DMS Event System
» MBean Creator Destination HTTP Request Tracker Destination JRockit Flight Recorder Destination
» Understanding DMS Event Output
» Understanding DMS Event Actions
» DMS Best Practices Oracle Fusion Middleware Online Documentation Library
» About Oracle Metadata Services MDS
» Reclaim Disk Space Monitor the Database Performance
» Using Database Polling Interval for Change Detection
» Document Cache Tuning Cache Configuration
» Analyzing Performance Impact from Customization
» Understanding DMS metrics and Characteristics
» About Oracle ADF Oracle Fusion Middleware Online Documentation Library
» Oracle ADF Faces Configuration and Profiling
» Performance Considerations for ADF Faces
» Tuning ADF Faces Component Attributes
» Performance Considerations for Table and Tree Components
» Performance Considerations for autoSuggest
» Data Delivery - Lazy versus Immediate
» Performance Considerations for DVT Components
» Creating View Objects View Objects Tuning
» Configuring View Object Data Fetching
» Additional View Object Configurations
» Batch Processing ADF Server Performance
» General AM Pool Configurations
» AM Pool Sizing Configurations
» AM Pool Resource Cleanup Configurations
» ADFc: Region Usage ADF Server Performance
» Reusing Static Data ADF Server Performance
» Conditional Validations ADF Server Performance
» About Oracle TopLink and EclipseLink
» Entity Relationships Query Parameter Tuning
» Cache Refreshing Scenarios Cache Configuration Tuning
» Locking Modes Cache Configuration Tuning
» Coherence Integration Oracle Fusion Middleware Online Documentation Library
» Mapping and Descriptor Configurations
» Analyzing EclipseLink JPA Entity Performance
» Hardware Resources Optimizing Hardware Resources
» Configuring WebCache Memory Memory Configuration
» Network Bandwidth Optimizing Network Connections
» Network Connections Optimizing Network Connections
» Network-Related Parameters Optimizing Network Connections
» Optimizing Response Time Oracle Fusion Middleware Online Documentation Library
» Optimizing Performance with Oracle ADF
» About SOA Suite Configuration Properties
» Configuring Data Sources for SOA Weblogic Server Performance Tuning
» Modifying SOA Configuration Parameters JVM Tuning Parameters About Oracle Business Rules
» Use Java Beans Basic Tuning Considerations
» Assert Child Facts instead of Multiple Dereferences
» Avoid Side Affects in Rule Conditions
» Avoid Expensive Operations in Rule Conditions
» Consider Pattern Ordering Basic Tuning Considerations
» Consider the Ordering of Tests in Rule Conditions
» Use Functions Instead of AssertXPath and Supports XPath
» Dispatcher Invoke Threads BPEL Threading Model
» Dispatcher Engine Threads BPEL Threading Model
» Dispatcher System Threads BPEL Threading Model
» Dispatcher Maximum Request Depth
» Audit Level Basic Tuning Considerations
» AuditDetailThreshold Basic Tuning Considerations
» LargeDocumentThreshold Basic Tuning Considerations
» Validate XML Basic Tuning Considerations
» SyncMaxWaitTime Basic Tuning Considerations
» InstanceKeyBlockSize Basic Tuning Considerations
» Tables Impacted By Instance Data Growth
» About Oracle Mediator Oracle Fusion Middleware Online Documentation Library
» metricsLevel Basic Tuning Considerations
» Domain-Value Maps Basic Tuning Considerations
» Deferred Routing Rules Basic Tuning Considerations
» Resequencer Basic Tuning Considerations
» Audit Level LargeDocumentThreshold Basic Tuning Considerations
» Dispatcher Engine Threads Basic Tuning Considerations
» Dispatcher Invoke Threads Basic Tuning Considerations
» Process Measurement Tuning Process Analytics
» Tuning Process Cubes Tuning Process Analytics
» Minimize Client Response Time
» Choose the Right Workflow Service Client
» Narrow Qualifying Tasks Using Precise Filters
» Retrieve Subset of Qualifying Tasks Paging
» Fetch Only the Information That Is Needed for a Qualifying Task
» Reduce the Number of Return Query Columns Use the Aggregate API for Charting Task Statistics
» Use the Count API Methods for Counting the Number of Tasks
» Create Indexes On Demand for Flexfields
» Use the doesTaskExist Method
» Archive Completed Instances Periodically
» Select the Appropriate Workflow Callback Functionality
» Minimize Performance Impacts from Notification
» Deploy Clustered Nodes Improving Server Performance
» Use Workflow Reports to Monitor Progress
» Specify Escalation Rules Completing Workflows Faster
» Specify User and Group Rules for Automated Assignment
» Use Task Views to Prioritize Work
» Tuning Identity Provider Oracle Fusion Middleware Online Documentation Library
» Tuning the Database Oracle Fusion Middleware Online Documentation Library
» About Oracle Adapters Oracle Fusion Middleware Online Documentation Library
» Inbound Throttling Best Practices
» Outbound Throttling Best Practices
» Outbound Performance Best Practices
» JCA Adapter Basic Tuning Considerations
» Existence Checking Oracle JCA Adapter for Database Tuning
» adapter.jms.receive.threads Property
» Oracle Socket Adapter Tuning Oracle MQ Adapter Tuning
» Tune the Active Data Retrieval Interval
» Message Batching Enterprise Message Source Tuning
» About Oracle Business Activity Monitoring About Oracle User Messaging Services
» SMPP Driver Performance Tuning
» Email Driver Polling Frequency
» Database Tuning for Optimal Throughput
» MDS Cache Size Oracle Fusion Middleware Online Documentation Library
» Number of Threads Oracle Fusion Middleware Online Documentation Library
» JMS Multiple Out Queues Setting
» Design Time Considerations for Proxy Applications
» Design Considerations for XQuery Tuning
» About Oracle Internet Directory
» Introduction to Tuning Oracle Internet Directory
» Database Parameters Basic Tuning Considerations
» LDAP Server Attributes Basic Tuning Considerations
» Database Statistics Basic Tuning Considerations
» Replication or Oracle Directory Integration Platform Replication Server Configuration
» Garbage Collection Configuration Advanced Configurations
» Oracle Internet Directory with Oracle RAC Database
» Password Policies and Verifier Profiles
» Values for Configuring the Entry Cache
» Tuning Security Event Tracking
» Number of Entries to be Returned by a Search
» Timeout for Write Operations
» Bulk Load Operation Specific Use Cases
» Bulk Delete Operation Specific Use Cases
» High LDAP Write Operations Load
» Entry Cache Enabled Configuration
» Entry Cache Disabled Configuration.
» Optimizing Searches for Skewed Attributes
» Optimizing Performance of Complex Search Filters
» Updating Database Statistics by Using oidstats.sql
» Setting Performance-Related Replication Configuration Attributes
» Modifying Instance-Specific Attributes by Using Fusion Middleware Control
» Modifying Shared Attributes by Using Fusion Middleware Control
» Modifying Performance-Related Instance-Specific Configuration Entry Attributes
» About Oracle Virtual Directory Basic Tuning Considerations
» Database Adapters Advanced Tuning Configurations
» Join Adapters Advanced Tuning Configurations
» General Filter Tuning Advanced Tuning Configurations
» Load Balancer Local Store Adapter Tuning
» Cache Hit Logic Cache Plug-In Tuning
» Cache Plug-in Memory Management
» LDAP Listener Tuning Advanced Tuning Configurations
» Server Tuning Advanced Tuning Configurations
» Connection Pool Settings Connection Settings Federation Data Store Settings
» RDBMS Compression Database Tuning
» About Oracle Identity Federation Oracle HTTP Server Tuning
» SOAP Connections SAML Protocol Tuning
» XML Digital Signatures POST and Artifact Single Sign-On Profiles
» About Security Services Oracle Fusion Middleware Online Documentation Library
» OPSS PDP Service Tuning Parameters
» Policy Manager Oracle Web Services Security Tuning
» Configuring the Log Assertion to Record SOAP Messages
» Monitoring the Performance of Web Services
» Setting System Limit Setting JDBC Data Source
» Setting JRockit Virtual Machine JVM Arguments Using Content Compression to Reduce Downloads
» Setting HTTP Session Timeout Setting JSP Page Timeout
» Setting ADF Client State Token
» Setting ADF View State Compression
» Setting MDS Cache Size and Purge Rate Configuring Concurrency Management
» Tuning Performance of the Announcements Service
» Tuning Performance of the Discussions Service
» Tuning Performance of the Portlet Service
» Enabling Java Object Cache for WSRP Producers
» Suppressing Optimistic Rendering for WSRP Portlets
» Tuning Performance of Oracle PDK-Java Producers
» Setting ExcludedActionScopeRequestAttributes for Portlets
» Setting DefaultServedResourceRequiresWsrpRewrite for WSRP Portlets
» Setting DefaultProxiedResourceRequiresWsrpRewrite for WSRP Portlets
» Importing Consumer CSS Files in IFrame Portlets
» Configuring Portlet Timeout Tuning Portlet Configuration
» Tuning Performance of OmniPortlet
» Segregation of Network Traffic Segregation of Processes and Hardware Interrupt Handlers
» CPU Requirements Memory Requirements
Show more