Performance Report
Overview
The eSignet Performance Report provides a comprehensive analysis of the system’s responsiveness, reliability, and scalability under various operational conditions. It captures key performance metrics such as throughput, resource utilization and memory consumption. This report is designed to help stakeholders understand how eSignet performs in real-world scenarios, identify potential bottlenecks, and guide future optimizations to ensure a seamless and secure digital identity experience.
Read more about eSignet: eSignet Documentation Further reading for eSignet integration with MOSIP: MOSIP eSignet | MOSIP Docs 1.2.0
Scope
This performance report focuses specifically on benchmarking and evaluating eSignet v1.4.1 under controlled test conditions using a mock Identity Authentication (IDA) system. The key areas covered within the scope of this report include:
Performance testing is limited to eSignet v1.4.1 and does not extend to earlier or future versions.
Only OTP-based authentication flows were included in the performance assessment. Other factors such as biometrics or password-based flows were excluded because the performance was conducted with mock ID system, so the change in the auth factor does not impact the response times of user authentication and userinfo exchange.
The system was tested to achieve and maintain a constant throughput of 100 requests per second (RPS), which in turn translates to 15 transactions per second (TPS) based on the 7 endpoints required to complete 1 transaction.
System was able to maintain the throughput of 100 RPS both with and without intentional delays introduced in the mock IDA system. The goal was to ensure consistent performance while remaining within the predefined Service Level Agreements (SLAs) for response times.
All performance bottlenecks, failures, or irregularities encountered during testing were documented. Where applicable, fixes and optimizations were implemented and validated to ensure compliance with performance targets.
Approach
To perform the test run, Apache - JMeter was used as the load testing tool to simulate 106 users, maintaining a consistent throughput of 100 requests per second (RPS) for a duration of 30 minutes.
100,000 sample user data was prepared for the run, if the total number of user samples exceeds 100,000 then the first 100,000 sample user data will be unique, and the 100,001st sample data will be a repeat of the 1st sample data from the entry list.
To mimic a real-world scenario, an additional delay of 1000ms was introduced for the send-OTP, auth, and token endpoints in the mock identity system. Consequently, the SLA was updated to 1.5 seconds.
Tools Used
Jmeter to simulate the user load.
Jprofiler to profile JVM and the application code.
Summary
Focus: OTP-based authentication flows only
Scenarios tested:
With 1-second induced delay in mock Identity Authentication (IDA) system
Without induced delay
Load conditions:
Sustained 100 requests per second (RPS)
30-minute duration
Test environment configuration:
eSignet: 2 pods (1500m CPU, 2250Mi memory each)
Mock ID system: 2 pods (300m CPU, 2250Mi memory each)
Results:
Target throughput achieved
All Service Level Agreements (SLAs) consistently met
Excellent performance and stability under high load and delayed response conditions
Test Results Summary
/authorization/send-otp
58 ms
1260 ms
≤1500 ms
/authorization/v3/authenticate
79 ms
1258 ms
≤1500 ms
/oauth/v2/token
76 ms
1267 ms
≤1500 ms
Scenarios Considered
The performance run is carried out with below assumptions and considerations:
Performance of eSignet APIs is checked against MOCK ID plugin.
We have considered the OTP auth factor for the performance run.
SLA:
We are considering that the integrated ID system will take 1.5 secs for below integration points to return back the response:
Send OTP (/authorization/send-otp)
KYC Auth (/authorization/v3/authenticate)
KYC Exchange (/oauth/v2/token)
eSignet
Pre-requisite:
Client ID is generated using eSignet API(/v1/esignet/client-mgmt/oidc-client).
eSignet API requires PMS auth Token
User authentication with OTP
/csrf/token → GET
/authorization/v2/oauth-details → POST
/authorization/send-otp → POST
/authorization/v3/authenticate → POST
/authorization/auth-code → POST
/oauth/v2/token → POST
/oidc/userinfo → GET
<=100ms
<=100ms
<=1.5s
<=1.5s
<=100ms
<=1.5s
<=100ms
100%
Test Environment
Deviation from the default deployment
Migration from the softhsm to PK12. As part of the performance evaluation, a key deviation from the default deployment was the migration from SoftHSM to PKCS#12 (PK12) for key storage. This change enhanced compatibility and operational efficiency such that eSignet met its SLA targets under both normal and stress conditions.
Software (Under Test)
Following ‘Images’ were under the scope of ‘Performance Testing’:
Modules Segregation
mosipid/mock-identity-system:release-0.11.0
The changes are tested with mosipqa image and are available in release-0.11.x
Test Data
Performance data load has been populated before the run to ensure realistic results.
mock identity
uin
100000
fullName
100000
emailId
100000
phoneNumber
100000
Test Design
Test Duration: 30 mins
Test Type: Load
Ramp Up: 3 mins
User distribution among the scenarios
User with OTP authentication
eSignet-service
/csrf/token
GET
100
100
100
/authorization/v2/oauth-details
POST
100
/authorization/send-otp
POST
1500
/authorization/v3/authenticate
POST
1500
/authorization/auth-code
POST
100
/oauth/v2/token
POST
1500
/oidc/userinfo
GET
100
Resource level configuration
Number of pods
Resource configuration
eSignet
2
resources:
limits:
cpu: 1500m
memory: 2250Mi
requests:
cpu: 1500m
memory: 2250Mi
name: JDK_JAVA_OPTIONS
value: '-Xms2250M -Xmx2250M'
mock-identity-system
2
resources:
limits:
cpu: '300m'
memory: 2250Mi
requests:
cpu: 300m
memory: 2250Mi
name: JDK_JAVA_OPTIONS
value: '-Xms1500M -Xmx1500M'
Test Result
Performance test execution results
Application Name
eSignet
Test Duration
13/03/2025 (30 mins)
Status
Pass
Test Report
Test results for 100 RPS for a 30-minute run, simulating the real-time ID system by adding a fixed 1-second processing time for each endpoint (send-OTP, auth, and token).
Scenario Name
Transaction Name
API Endpoint
HTTP Method
100 RPS
Date : 09/06/2025 (half an hour duration)
# Samples
Min
Average
90% Line
Max
Error %
User with OTP authentication
S01 T01 GetCsrf
/csrf/token
GET
25969
7
12
17
358
0.00%
S01 T02 OAuthdetails
/authorization/v2/oauth-details
POST
25968
6
12
17
391
0.00%
S01 T03 Send OTP
/authorization/send-otp
POST
25968
1017
1095
1260
1719
0.00%
S01 T04 Authentication
/authorization/v3/authenticate
POST
25952
1025
1101
1258
1754
0.03%
S01 T05 Autorization
/authorization/auth-code
POST
25934
7
14
19
1026
0.00%
S01 T06 Token
/oauth/v2/token
POST
25934
1030
1106
1267
1964
0.00%
S01 T07 Userinfo
/oidc/userinfo
GET
25918
6
12
17
437
0.00%
Metrics
Table of eSignet endpoint metrics
Time chart of 90th percentile response time for eSignet services
Dependent services metrics
Table of mock identity system endpoint metrics and time-chart of 90th percentile response time
CPU Utilisation
Memory Utilisation
Resource Calculator
Please refer the details resource calculator published here for sizing guidelines.
Performance Analysis
KPI Comparison
The key performance metrics from the overall run focused on the response times of the endpoints: send-OTP, KYC-Auth, and KYC-Exchange from the integrated identity system to achieve 100/sec through put is shown below.
send-OTP
1500
1260
KYC-Auth
1500
1258
KYC-Exchange
1500
1267
Bottlenecks
Based on the scope of the performance run, no bottlenecks or issues were observed.
Recommendation
The performance of the system was evaluated based on the defined scope and approach, achieving a consistent throughput of 100 requests per second (RPS) during a 30-minute run. It is recommended to use a Resource Calculator for estimating requirements and scaling for the desired number of users and transactions.
Annexure:
Last updated
Was this helpful?