Improve the performance of IDP update operation

[DilshanSenarath]

Purpose

Previously, when an IDP update was performed, we had configured listeners doPreUpdateIdp and doPostUpdateIdp to update connected applications. However, the issue arose when more than 1000 applications were connected to an IDP. In these listeners, we iterated over all the service providers one by one, checking if the IDP/Authenticator update (such as disabling) was valid. If the default authenticator was changed, and the federated authentication flow used this IDP, the listener would automatically update the authenticator mapping in the SP_FEDERATED_IDP table. This process was very expensive, triggering over 18,000 SQL queries even for a small IDP/Authenticator update.

In this PR, I've enhanced the IDP update performance by removing the blind iteration through all connected SPs. Instead, I've introduced a SQL statement that checks whether a service provider refers to the IDP ,Authenticator or Outbound Connector, and if so, it prevents the IDP or Authenticator from being disabled. Another improvement is that we now retrieve the SP resource ID list based on the AUTH_TYPE="federated" and only iterate through the affected service provider list to update the database.

Performance Improvement (~2000 Connected Apps)

Operation	Previous Time	Improved Time
IDP Update	1 min 15 sec	200 ms
Authenticator Update	1 min 15 sec	200 ms
Outbound Connector Update	1 min 15 sec	200 ms
[Edge Case] Change Default Authenticator (Here all the SPs are referring the IDP as AUTH_TYPE="federated") [1]	1 min 15 sec	1 min

Related Issue

• Performance Degradation During Authenticator Update with a Large Number of Associated Applications  product-is#20961

[1] -

Tested Scenarios - https://docs.google.com/document/d/1EuwbFXqLA1JHy6tcX_klbp0Fxbs_QiPBJKWUb30loOg/edit?usp=sharing

[codecov]

Codecov Report

Attention: Patch coverage is 5.38462% with 123 lines in your changes missing coverage. Please review.

Project coverage is 23.95%. Comparing base (9edd086) to head (c272611).
Report is 277 commits behind head on master.

Files with missing lines	Patch %	Lines
...stener/ApplicationIdentityProviderMgtListener.java	0.00%	50 Missing ⚠️
.../org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java	0.00%	31 Missing ⚠️
...y/application/mgt/dao/impl/ApplicationDAOImpl.java	24.13%	22 Missing ⚠️
...g/wso2/carbon/idp/mgt/IdentityProviderManager.java	0.00%	8 Missing ⚠️
...cation/mgt/dao/impl/CacheBackedApplicationDAO.java	0.00%	3 Missing ⚠️
.../main/java/org/wso2/carbon/idp/mgt/IdpManager.java	0.00%	3 Missing ⚠️
.../wso2/carbon/idp/mgt/dao/CacheBackedIdPMgtDAO.java	0.00%	3 Missing ⚠️
...n/identity/application/mgt/dao/ApplicationDAO.java	0.00%	2 Missing ⚠️
...lication/mgt/dao/impl/FileBasedApplicationDAO.java	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #6025      +/-   ##
============================================
+ Coverage     22.74%   23.95%   +1.21%     
- Complexity     6096     6442     +346     
============================================
  Files          1561     1564       +3     
  Lines         99248    99467     +219     
  Branches      15187    15237      +50     
============================================
+ Hits          22574    23828    +1254     
+ Misses        73417    72269    -1148     
- Partials       3257     3370     +113     

Flag	Coverage Δ
unit	23.95% <5.38%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copilot reviewed 5 out of 11 changed files in this pull request and generated 1 suggestion.

Files not reviewed (6)

• components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationMgtDBQueries.java: Evaluated as low risk
• components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdentityProviderManager.java: Evaluated as low risk
• components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/CacheBackedApplicationDAO.java: Evaluated as low risk
• components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPManagementConstants.java: Evaluated as low risk
• components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/CacheBackedIdPMgtDAO.java: Evaluated as low risk
• components/idp-mgt/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/IdpManager.java: Evaluated as low risk

Comments skipped due to low confidence (1)

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/dao/impl/ApplicationDAOImpl.java:6605

• [nitpick] The error message could be more descriptive by including the tenant domain. Suggestion: 'Failed to update local and outbound config of application: ' + applicationId + ' in tenant domain: ' + tenantDomain

throw new IdentityApplicationManagementException("Failed to update local and outbound config of application: " + applicationId, e);

The method name 'getAuthentictorID' is misspelled. It should be 'getAuthenticatorID'.

Suggested change

	getAuthentictorID(dbConnection, tenantId, idpName, defaultAuthenticatorName);
	getAuthenticatorID(dbConnection, tenantId, idpName, defaultAuthenticatorName);