[keycloak-dev] large number of realms causing slow api calls
Stian Thorgersen
sthorger at redhat.com
Fri Oct 5 07:22:27 EDT 2018
Keycloak simply doesn't scale well with regards to large number of realms
today and it's not something we currently support.
That's just one of several issues around large number of realms that have
to be resolved. Another example is upgrading the server with 1700 realms is
also going to be painful.
At the moment we are not able to priorities this though. We are planning to
resolve it, but it will be quite some time until we do.
For the particular issue you've mentioned the work-around is to remove the
realm roles from the admin composite in master realm. That will work, but
you will only be able to login and manage realms individually.
On Thu, 4 Oct 2018 at 18:07, Gideon Caranzo <gideonray at gmail.com> wrote:
> Hi,
>
> I'm encountering slow api calls after reaching 1700 realms. I profiled it
> and found that role checking is causing the issue particularly
> *KeycloakModelUtils.searchFor(RoleModel
> role, RoleModel composite, Set<String> visited)*.
>
> I'm using a user with "admin" role to call get realm API. And since i have
> 1700 realms, "admin" role now have about 30K composite roles under it. The
> line below from KeycloakModelUtils.searchFor() will load all 30K composite
> roles causing the slow down.
>
> *Set<RoleModel> compositeRoles = composite.getComposites();*
>
> Is there a way to avoid this issue? Or is it possible to fix the code such
> that it will do a database query instead of searching in memory to check if
> the role exist?
>
> Best regards,
> Gideon
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list