> > it should not be able to fill the heap memory of the SSO server which > would argue that there is some bug in the CAS SAML code that is being > "excercised" by the repeated logins. >
You attached a profiler screenshot near the beginning of the thread that showed a large number of GoogleAccountsService objects holding onto memory. I should note that GAS holds references to the keypair used to sign/verify SAML assertions. Assuming you're using at least a 2048-bit RSA key for that, that's at least 512 bytes (2048/8*2) per instance. Your profiler screenshot is showing ~1.7M instances of that class consuming >76MB memory, which doesn't add up AFAICT. In any case I could see why excessive numbers of that class would cause trouble, but I don't have an explanation for why there are so many allocated. Perhaps we do have a resource leak here. I suggest you create an issue an attach all data you have, especially profiler data, and we can investigate further. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
