Hi, I am using a trial database service using APEX applications. I have an application that is used among others to display examination results.
I have used a custom table-based authentication which works ok during testing. However after a few days on the cloud, I am beginning to think that it might
be better to capture the users who need to use the application and then "feed" them into the Identity management console using a csv file and
"Load Users". The users can then use the password management there, and probably the Identity management is more secure than my authentication.
I may have around 30,000 users, most of which log in only for a short time when the results are out, but probably almost all of them at the same time!
Does that make sense, or is it not what it was meant for?
I am also worried whether the application will hang when all of the users are logging in at the same time, although maybe the service can handle all this
without breaking a sweat.
Grateful for any guidance on this.
Hi Leckraj -
Thanks for the interesting question!
So, let me try to address it in two different ways, in terms of functionality and scalability.
If I understand correctly, your approach would be to somehow collect credentials in your application and then load them into the Cloud Identity management solution. This to me seems like an extra step that doesn't get you much. Since you are collecting the credentials in your app, any security issues that you start with you still have, at least initially. And my guess is that your 30K users would not want to go through the process of being forced to change their passwords on first log in, which I believe is the standard for Cloud Identity Management, and answer 3 questions which are required if they are to ever change their passwords. More overhead without more benefit.
As far as everyone logging in at the same time, there are plenty of APEX apps with large user communities. I don't know of any where 30,000 people log in simultaneously, but I am fairly certain the Cloud Identity Management has not been subjected to that either. Authentication in APEX is done with the Oracle Database, which is generally very scalable, but, once again, 30K simultaneous users is a lot. I would not guarantee anything, but, of course, testing is the way to get a real answer to this question.
I hope this provides some help, and thanks.
- Rick Greenwald
Thanks for the reply.
I'll have a separate application with no authentication to collect the credentials, check duplicates, etc.
I think my users will be reassured when they log in through Identity Management which looks the part, plus they get to see the words "Oracle" and "Cloud"
which can only be a good thing!
And I don't have to send them a confirmation email, reset passwords and I don't have to worry about hashing, MD5, encryption etc. etc.
But as a user in a community one does not want to load a system with unneeded information, so I am more worried about how to purge out
users who have not logged in for a while. I can get a list from my app but I still would need to delete them one by one in Identity Management.
Leaving them there is also a security risk.
Most of my users will be transitory, they would just register for the exam, get the results and leave after 8-10 months.
Can a service administrator automate this in some way?
Ideally it would be great if we could load a list of users to be deleted in a csv file as well.
Is there a limit on the number of users Identity Management can batch load at one go, or a recommended limit?
And 30,000 may be overstating it a bit, it's more like 20,000, but still a large number!
Hi Leckraj -
I would ask your questions in the forum for Oracle Identity Management. Make sure you indicate you are using the Database Cloud Service to make sure they understand the right revision.
Thanks for your interest.
- Rick Greenwald