Research Information System
International Topkapı Congress - V, İstanbul, Turkey, 19 - 21 March 2025, pp.8-17, (Full Text)
In recent years, the demand for robust, efficient, and secure authentication protocols has intensified with the rise of digital services and online identity management. This work compares two leading authentication frameworks, FIDO2 and OpenID Connect, through performance testing using JMeter. The motivation stems from a growing need to assess real-world performance metrics under varying loads, which is critical for user experience and large-scale deployments. The core problem tackled is the limited practical analysis of these protocols' performance under standardized conditions, leaving a gap in understanding their real-world limitations and trade-offs. This study presents a detailed benchmarking analysis, highlighting latency, throughput, success rate, and data handling differences between FIDO2 and OpenID Connect authentication flows. The methodology emphasizes consistent testing environments using containerized setups, JMeter scripting, and rigorous statistical validation. The experimental setup involves deploying FIDO2 and OpenID Connect servers on a virtual machine, simulating user loads, and evaluating their response to varying levels of authentication requests. Results indicate that FIDO2 achieves faster response times under certain conditions, leveraging its passwordless and cryptographic-based authentication, while OpenID Connect offers broader flexibility for federated identity cases but sometimes at the cost of higher response times under heavy loads. These findings provide a critical reference point for enterprises seeking high-performing, standards-compliant authentication solutions, guiding them in choosing the best approach based on their performance needs.