AuthManager is currently behind a feature switch ($wgDisableAuthManager) so its code is never executed. This is intended to be a temporary measure to smoothen the rollout and should be disabled and then ripped out as soon as possible.
|operations/mediawiki-config : master||Enable AuthManager on group2|
|operations/mediawiki-config : master||Clean up AuthManager configuration (no-op)|
|operations/mediawiki-config : master||Enable AuthManager in group1|
|operations/mediawiki-config : master||Fix AuthManager feature switch configuration|
|operations/mediawiki-config : master||Enable AuthManager on group0|
|operations/mediawiki-config : master||Update audit hooks for AuthManager|
|operations/mediawiki-config : master||Do not set wgAuth to LdapAuth when AuthManager is enabled|
|operations/mediawiki-config : master||Enable AuthManager on beta wikitech|
It is only used on login / account creation (and only normal login, not CentralAuth autologin), and to a mininal extent on Special:Preferences (and in the users API but only if you ask for a non-default property); those might get slower, although I would expect execution time to be dominated by DB writes, in which there was very little change. So I wouldn't expect any impact (but we should definitely monitor for it).
Also password change, including the account recovery temporary password.
(and only normal login, not CentralAuth autologin),
But it is involved when CentralAuth autologin triggers auto-creation of the local account.
and in the users API
Specifically, that's ApiQueryUsers (api.php?action=query&list=users).
One other thing that might impact performance for logins and account creations is that AuthManager uses the Session secret thing you patched for unit tests in https://gerrit.wikimedia.org/r/#/c/291503/. I don't think anything else uses that yet, although OATHAuth uses very similar code when logging in with two-factor.
I'll try enabling in beta today. The only missing bits are things logging into zerowiki (T135074, T135698) which is not affected and TranslationNotifications logging into other wikis (T110766) which is probably not affected, and worst case it breaks translation notifications on beta, which we can live with. OTOH the extra testing time for CentralAuth will be very valuable.
It's now been live on group2 for almost a day and I haven't heard anything concerning. The only significant change in the auth stats is that failed account creations are down (successful ones are not affected though). No log spam, new user count (which is measured in a different way than the AuthManager dashboard events) looks unchanged; I'm not good at finding my way in ganglia but the appserver/API/DB/redis graphs seemed flat. I think we can call this done.