Tuning Server Settings

AM has a number of settings that can be tuned to increase performance.

Logging Settings

The following general points apply:

  • Set debug logging level to error.

  • Set container-level logging to a low level, such as error or severe.

Notification Settings

AM has two thread pools used to send notifications to clients. The Service Management Service (SMS) thread pool can be tuned in the AM console, under Configure > Server Defaults > SDK > Data Store:

SMS Notification Setting
PropertyDefault ValueSuggestions
Notification Pool Size1

Specifies the size of the thread pool used to send notifications. A value of 1 causes notifications to be processed sequentially, avoiding any potential out-of-order conditions. In production, where configuration is unlikely to change often, keeping the default of 1 is recommended.

(com.sun.identity.sm.notification.threadpool.size)


The session service has its own thread pool to send notifications to listeners about changes to CTS-based sessions. This is configured under Configure > Server Defaults > Session > Notification:

Session Service Notification Settings
PropertyDefault ValueSuggestions
Notification Pool Size10

This is the size of the thread pool used to send notifications. In production this should be around 25-30.

(com.iplanet.am.notification.threadpool.size)

Notification Thread Pool Threshold5000

This is the maximum number of notifications in the queue waiting to be sent. The default value should be fine in the majority of installations.

(com.iplanet.am.notification.threadpool.threshold)


Session Settings

The Session Service has additional properties to tune, which are configured under Configure > Server Defaults > Session > Session Limits. The following suggestion applies to deployments using CTS-based sessions:

Session Settings
PropertyDefault ValueSuggestion
Maximum Session Cache Size5000

Maximum number of AM sessions to cache on the server.

In production, this value can safely be set into the 100,000s. The maximum session cache size is really controlled by the maximum size of the JVM heap which must be tuned appropriately to match the desired session cache size.

(org.forgerock.openam.session.service.access.persistence.caching.maxsize)


Policy Evaluation Settings

The AM policy engine places policies for evaluation on a queue in batches. Use ssoadm to optimize performance evaluation throughput by configuring the number of threads available for this queue.

This example increases the number of threads from the default value of 10 to 20: 

./ssoadm set-entitlement-conf -u amadmin  -f pwd.txt -a evalThreadSize=20
Read a different version of :