COSCUP 2025

Building a Secure Token Service for Millions with Spring Authorization Server
10.08.2025, TR210

This 30-minute talk explores how we transformed the open-source Spring Authorization Server into an enterprise-grade Security Token Service (STS) capable of supporting millions of users. I'll share our practical journey from evaluation to production deployment, with a focus on the architectural decisions, customizations, and performance optimizations that made this possible. You'll learn how we identified and addressed performance bottlenecks, integrated with complex enterprise systems, and maintained security compliance while scaling horizontally. This case study demonstrates how open-source software can be extended to meet even the most demanding enterprise requirements without forking the codebase, allowing organizations to benefit from both community innovation and enterprise reliability.

Session Outline

  • Introduction and context of our enterprise authentication challenges
  • Our evaluation process and why we chose Spring Authorization Server
  • Core customizations for enterprise requirements
  • Scaling strategies and performance optimizations
  • Production deployment, monitoring, and lessons learned

Key Takeaways

Attendees will learn:
- A practical framework for evaluating open-source security projects for enterprise use
- Specific performance optimizations that allowed Spring Authorization Server to scale to millions of users
- Techniques for extending and customizing Spring Authorization Server without forking the codebase
- Strategies for integrating modern OAuth 2.0/OIDC systems with enterprise applications
- Lessons learned from our production deployment and monitoring approach


Target audience:

This talk is designed for software engineers, architects, and technical decision-makers who are facing authentication challenges in growing systems. Whether you're considering adopting Spring Authorization Server, looking to scale your existing authentication infrastructure, or simply interested in real-world applications of open-source security projects, you'll find practical insights applicable to your work. Some familiarity with OAuth 2.0/OpenID Connect and Spring concepts will be helpful, but I'll provide sufficient context for those new to these technologies to follow along and extract valuable lessons about applying open-source solutions to enterprise problems.

Difficulty level:

Beginner

Suvin is a Senior Software Engineer at WSO2 and an open-source maintainer. Even though his work is more focused on Identity and Access Management in Kubernetes, he enjoys being a developer advocate, speaking at events and leading tech communities. He is a die-hard fan of JavaScript, IAM, sci-fi and TBBT. Suvin is known for his community work, and in fact you may meet him at many dev community events around South Asia. If you see him at any of these events, don't forget to wave and say hi!
