Single sign-on (SSO) was introduced to give end users both more security and more convenience: one authentication at the identity provider (IdP) is accepted by every connected application. In this edition, we discuss how to test the performance of SSO-enabled applications, where every login now depends on a round trip to the IdP.
Global Market Trend for SSO Application
The market for single sign-on (SSO) applications is expected to grow at a compound annual growth rate (CAGR) of 12.0% between 2020 and 2027, from a market size of $0.94 billion in 2020 to a projected $2.13 billion in 2027.
Source: Orion Market Reports
Performance Testing For Apps With and Without SSO
| Parameter | Application Without SSO | Application With SSO |
|---|---|---|
| Script Development | Only application-level authentication needs to be handled in the script. | Both application-level and IdP-level authentication need to be handled in the script, including the requests and responses exchanged between the service provider and the IdP. |
| Script Execution | The login request may or may not be included in the load test. | The login request must be load tested, because each login now involves the IdP. |
| Monitoring | Only the application and database servers need to be monitored. | Every system involved in SSO (service provider and IdP) should be monitored along with the application and database servers. |
Performance Script Development and Execution Workflow
Areas to Monitor During Performance Testing
- Authentication token generation, availability and refresh time: how long the IdP takes to issue a token or assertion, and how long a session lasts before it must be refreshed.
- SSO traffic between the service provider and the IdP, including redirect URLs and the user and request attributes carried along the chain.
- GET/POST requests to the SSO/IdP server: the authentication request, the credential submission and the assertion posted back to the service provider.
- Third-party APIs that the login depends on, exercised with scripted checks (synthetic monitoring).
Challenges
- Script development is more complex: the script must handle the additional service provider and IdP request/response pairs and correlate the dynamic SAML token (assertion) on every iteration instead of replaying a recorded one.
- Login failures are harder to root-cause, because a failure can originate at the service provider, at the IdP or in the hand-off between them.
- Slow response times are harder to attribute to network latency versus application or server wait time, since a single login spans several hosts.
Best Practices
- Enable automatic redirect following in the load tool, so the chain of redirects between the service provider and the IdP is handled without scripting each hop.
- For SSO-specific test cases, run the login script first and then the business-scenario script, so the impact of SSO can be measured per use case.
- Use the tool's cookie manager (JMeter's HTTP Cookie Manager, for example) so the session cookies set by the service provider and the IdP are kept separately for each virtual user.
- While the performance scripts run, monitor resources on both the service provider and the IdP servers.
- Use a reliable extractor (regular expression, CSS or XPath extractor) to correlate dynamic SAML tokens such as SAMLRequest, SAMLResponse and RelayState; a recorded token is time-bound and tied to its request, so it will not replay.
- Choose the SSO protocol and binding with performance in mind and measure the choice, since the protocol handshake sits on the critical path of every login.
- Tune caching and set appropriate token and session refresh times, so users are not sent back to the IdP more often than necessary.
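The correlation work described in the challenges and best practices above, shown as an added example in Python (standard library only). This is not QASource's code and not the API of any load tool; it assumes an SP-initiated SAML 2.0 login that uses the HTTP-Redirect binding for the AuthnRequest and the HTTP-POST binding for the Response. The hosts sp.example.test and idp.example.test, the SAML messages and the per-hop timings are all constructed samples. The helpers decode the SP-to-IdP redirect, extract the dynamic SAMLResponse and RelayState from the IdP's auto-post form with a structured parser instead of a regex, read the assertion's validity window (the reason a recorded token cannot be replayed), attribute login time per host, and redact the tokens before they reach test logs:

```python
"""Correlation helpers for scripting an SP-initiated SAML 2.0 login in a load test.
Added example, not QASource's code. Assumes the HTTP-Redirect binding for the AuthnRequest
(raw DEFLATE + base64 in the SAMLRequest query parameter) and the HTTP-POST binding for the
Response (base64 SAMLResponse in an auto-submitting form). Hosts and messages are constructed."""
import base64
import zlib
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlparse
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed samples; sp.example.test and idp.example.test are hypothetical hosts.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:00Z" Destination="https://idp.example.test/sso/redirect" '
    'AssertionConsumerServiceURL="https://sp.example.test/saml/acs">'
    '<saml:Issuer>https://sp.example.test/metadata</saml:Issuer></samlp:AuthnRequest>'
)
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">'
    '<saml:Assertion ID="_a1"><saml:Conditions NotBefore="2024-01-01T00:00:00Z" '
    'NotOnOrAfter="2024-01-01T00:05:00Z"/></saml:Assertion></samlp:Response>'
)
_co = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw DEFLATE, as the redirect binding requires
SAMPLE_LOCATION = "https://idp.example.test/sso/redirect?" + urlencode(
    {"SAMLRequest": base64.b64encode(_co.compress(SAMPLE_AUTHN_REQUEST.encode()) + _co.flush()).decode(),
     "RelayState": "/dashboard"})
SAMPLE_IDP_FORM = (  # what the IdP returns after a successful credential POST
    '<html><body onload="document.forms[0].submit()">'
    '<form method="post" action="https://sp.example.test/saml/acs">'
    f'<input type="hidden" name="SAMLResponse" value="{base64.b64encode(SAMPLE_RESPONSE.encode()).decode()}"/>'
    '<input type="hidden" name="RelayState" value="/dashboard"/></form></body></html>')
SAMPLE_HOPS = [  # (url, status, elapsed seconds) as a load script would record each hop of one login
    ("https://sp.example.test/login", 302, 0.120),
    ("https://idp.example.test/sso/redirect", 200, 0.850),
    ("https://idp.example.test/sso/redirect", 200, 1.430),  # credential POST
    ("https://sp.example.test/saml/acs", 302, 0.310),
    ("https://sp.example.test/dashboard", 200, 0.260),
]


def decode_redirect_authn_request(location):
    """Parse the SP->IdP redirect so the script can check where (and with what RelayState) it is sent."""
    qs = parse_qs(urlparse(location).query)
    root = ET.fromstring(zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15))
    return {"destination": root.get("Destination"),
            "issuer": root.find("saml:Issuer", NS).text,
            "relay_state": qs.get("RelayState", [None])[0]}


class _AutoPostForm(HTMLParser):
    """Collects the form action and input fields; HTMLParser unescapes attribute values for us."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value", "")


def extract_post_form(html):
    """Structured extractor for the IdP's POST form: returns (action URL, {SAMLResponse, RelayState, ...})."""
    p = _AutoPostForm()
    p.feed(html)
    return p.action, p.fields


def assertion_validity(saml_response_b64):
    """(NotBefore, NotOnOrAfter) of the assertion, or None if it is encrypted or absent.
    The window is why a recorded SAMLResponse cannot be replayed in a later test run."""
    cond = ET.fromstring(base64.b64decode(saml_response_b64)).find(".//saml:Conditions", NS)
    return None if cond is None else (cond.get("NotBefore"), cond.get("NotOnOrAfter"))


def hop_breakdown(hops):
    """Elapsed seconds per host, to attribute a slow login to the service provider or the IdP."""
    totals = {}
    for url, _status, elapsed in hops:
        host = urlparse(url).netloc
        totals[host] = round(totals.get(host, 0.0) + elapsed, 3)
    return totals


def redact_for_log(fields):
    """Fields safe for test logs: SAML messages carry identity data and signatures, so log only their size."""
    return {k: (f"<redacted {len(v)} bytes>" if k in ("SAMLRequest", "SAMLResponse") else v)
            for k, v in fields.items()}


if __name__ == "__main__":
    action, fields = extract_post_form(SAMPLE_IDP_FORM)
    print(decode_redirect_authn_request(SAMPLE_LOCATION), action, redact_for_log(fields),
          assertion_validity(fields["SAMPLE_RESPONSE" if False else "SAMLResponse"]), hop_breakdown(SAMPLE_HOPS), sep="\n")
```

In a load tool these helpers correspond to post-processors on the responses from the service provider and the IdP. Apply the same redaction to listener output and result files, and run the scripts with dedicated test accounts, because the SAMLResponse being correlated is a signed identity assertion for whichever account logged in. If the IdP encrypts assertions, assertion_validity returns None and the validity window can only be checked on the service-provider side.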
Important Load Testing Scenarios
- Compare performance with and without SSO, so the overhead added by the IdP round trips on each login is quantified.
- Load test all business-critical scenarios after SSO is implemented, not only the login itself.
- Test users with different roles and privilege levels, since the attributes released by the IdP and the authorization work done by the application differ between them.
- Test forced sign-in (the SAML ForceAuthn case), where the IdP must re-authenticate the user even though an IdP session already exists.
Conclusion
SSO adds security and convenience, but it also places the IdP on the critical path of every login. Load test the application both before and after enabling SSO to confirm that it still meets your predefined performance benchmarks.
Have Suggestions?
We would love to hear your feedback, questions, comments and suggestions. They help us make the next edition better and more useful.
Share your thoughts and ideas at knowledgecenter@qasource.com