django-DefectDojo

Syncing Azure AD groups is too slow

Open AndreyMZ opened this issue 1 year ago • 0 comments

Problem description

The performance of syncing with Microsoft Entra ID (ex. Azure AD) groups added in https://github.com/DefectDojo/django-DefectDojo/pull/6128 is unacceptably poor. It can take 20 seconds to log in a user with 45 groups.

Root cause

  1. https://github.com/DefectDojo/django-DefectDojo/blob/81c123e8d92024b965ddd3c985640e2fe398007b/dojo/pipeline.py#L80-L86

    To get the names, DefectDojo requests the Microsoft Graph REST API v1.0 Get group endpoint (GET /v1.0/groups/{id}) for every user’s group ID.

  2. https://github.com/DefectDojo/django-DefectDojo/blob/81c123e8d92024b965ddd3c985640e2fe398007b/dojo/pipeline.py#L114-L120

    https://github.com/DefectDojo/django-DefectDojo/blob/81c123e8d92024b965ddd3c985640e2fe398007b/dojo/pipeline.py#L125-L130

    DefectDojo performs O(N) queries to the database, where N is the number of the user’s groups.

Possible solution

  1. To reduce the number of network requests from N to 1, use the List transitive member of endpoint (GET /v1.0/me/transitiveMemberOf).
  2. To reduce the number of database queries from O(N) to O(1), use bulk operations like:

AndreyMZ, Jun 26 '24 10:06
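
The two changes proposed in the issue, sketched as an added example (not DefectDojo's code and not part of the original issue): group names are collected from paged responses shaped like GET /v1.0/me/transitiveMemberOf, then reconciled against the database with a fixed number of SQL statements. The table layout, `fetch_group_names`, `sync_memberships` and the sample pages are assumptions made for illustration; the example also drops memberships that are no longer returned, which is a choice of this sketch.

```python
import sqlite3

# Constructed pages shaped like GET /v1.0/me/transitiveMemberOf responses.
PAGES = {
    "p1": {"@odata.nextLink": "p2", "value": [
        {"@odata.type": "#microsoft.graph.group", "id": "1", "displayName": "AppSec"},
        {"@odata.type": "#microsoft.graph.directoryRole", "id": "2", "displayName": "Reader"}]},
    "p2": {"value": [
        {"@odata.type": "#microsoft.graph.group", "id": "3", "displayName": "Platform"}]},
}

def fetch_group_names(get_page, url="p1"):
    """Collect group names across pages; non-group directory objects are skipped."""
    names = set()
    while url:
        page = get_page(url)
        names |= {o["displayName"] for o in page["value"]
                  if o.get("@odata.type") == "#microsoft.graph.group"}
        url = page.get("@odata.nextLink")  # absent on the last page
    return names

def sync_memberships(db, user, wanted):
    """Reconcile memberships in at most 4 statements, independent of len(wanted)."""
    stmts = 0
    def run(sql, params=()):
        nonlocal stmts
        stmts += 1
        return db.execute(sql, tuple(params))
    current = {r[0] for r in run("SELECT grp_name FROM membership WHERE usr = ?", [user])}
    add, drop = sorted(wanted - current), sorted(current - wanted)
    if add:  # one multi-row INSERT per table instead of one query per group
        rows = ",".join("(?)" for _ in add)
        run(f"INSERT OR IGNORE INTO grp(name) VALUES {rows}", add)
        pairs = ",".join("(?, ?)" for _ in add)
        run(f"INSERT INTO membership(usr, grp_name) VALUES {pairs}",
            [v for g in add for v in (user, g)])
    if drop:  # memberships revoked upstream must not linger locally
        marks = ",".join("?" for _ in drop)
        run(f"DELETE FROM membership WHERE usr = ? AND grp_name IN ({marks})", [user, *drop])
    db.commit()
    return add, drop, stmts

def demo():
    db = sqlite3.connect(":memory:")  # hypothetical schema, not DefectDojo's models
    db.executescript("CREATE TABLE grp(name TEXT PRIMARY KEY);"
                     "CREATE TABLE membership(usr TEXT, grp_name TEXT, UNIQUE(usr, grp_name));"
                     "INSERT INTO grp VALUES ('Legacy');"
                     "INSERT INTO membership VALUES ('alice', 'Legacy');")
    return sync_memberships(db, "alice", fetch_group_names(PAGES.__getitem__))
```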