Keycloak metrics affected by different types of authentication

Hi guys, I’m working with Keycloak as part of my master’s thesis. I’m testing various types of authentication flows, and I’d like to know which Keycloak metrics the use of the different flows affects. What values or parameters might be affected? For example, using MFA with OTP affects x more than a normal login (username + password).

Roughly, I’d look at “friction”, which would be the increase in difficulty between plain username / password and additional factors. Some metrics could be:

  • Number of failed login attempts
  • Number of locked accounts
  • Number of additional account resets required (e.g., redoing the Authenticator app)

Good morning, and thanks for your reply. The type of metrics I was looking for weren’t exactly those; they were more metrics related to the impact that the different types of authentication have on Keycloak, at a system level.

In that case, I’d start by benchmarking the following flows with the cache turned off.

  1. Basic authentication
  2. Direct grants authentication
  3. Client certificate authentication

These are all direct, single calls to Keycloak. The benchmark would be a sustained sequence of calls, say 2 hours with cache off. I’d test a hypothesis that basic authentication and direct grants authentication will be faster because fewer cryptographic functions are involved. This would be a latency metric.

If you can get IO metrics, look for number of disk reads. This gets less meaningful with the off-the-shelf H2 database and you’ll find yourself drifting into more metrics related to an external database.

Lastly, over the course of the test – say the 2 hrs – and after restarts, examine the RAM usage.

OTP will be a little tougher to test because that involves a second logical operation. At a minimum, you’ll call an external program to get the code which affects the latency test.

Good luck

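A small harness for the latency benchmark described in the reply above, as an added example that is not part of the thread: it issues Keycloak direct grant (grant_type=password) calls against the standard token endpoint and reports latency percentiles plus failed attempts. The realm, client and credentials are placeholders, and the `send` parameter is pluggable so the statistics code can be checked without a running server.

```python
import time
import statistics
from urllib import request, parse
from urllib.error import HTTPError

# Added example, not from the thread. Realm, client id and credentials are placeholders.

def direct_grant_request(base_url, realm, client_id, username, password):
    """Build the URL and form body Keycloak expects for the direct grant flow."""
    url = f"{base_url}/realms/{realm}/protocol/openid-connect/token"
    body = parse.urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "username": username,
        "password": password,
    }).encode()
    return url, body

def send_http(url, body):
    """Real transport: POST the form and return the HTTP status code."""
    req = request.Request(url, data=body, method="POST")
    try:
        with request.urlopen(req, timeout=10) as resp:
            return resp.status
    except HTTPError as e:
        return e.code  # e.g. 401 for rejected credentials

def run_benchmark(url, body, iterations, send=send_http):
    """Sustained sequence of direct-grant calls; returns latency and failure metrics."""
    latencies, failures = [], 0
    for _ in range(iterations):
        t0 = time.perf_counter()
        status = send(url, body)
        latencies.append(time.perf_counter() - t0)
        if status != 200:
            failures += 1  # counts failed login attempts, the first reply's metric
    latencies.sort()
    # nearest-rank percentile over the sorted sample
    pct = lambda p: latencies[min(len(latencies) - 1, int(p * len(latencies)))]
    return {
        "calls": iterations,
        "failed": failures,
        "mean_s": statistics.fmean(latencies),
        "p50_s": pct(0.50),
        "p95_s": pct(0.95),
        "p99_s": pct(0.99),
    }

if __name__ == "__main__":
    url, body = direct_grant_request("http://localhost:8080", "test-realm",
                                     "benchmark-client", "alice", "placeholder")
    print(run_benchmark(url, body, iterations=200))
```

For the 2-hour run the reply suggests, loop `run_benchmark` in batches and record each batch's percentiles so latency drift over time is visible alongside the RAM readings.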