<div dir="ltr"><a href="https://issues.jboss.org/browse/KEYCLOAK-1268">https://issues.jboss.org/browse/KEYCLOAK-1268</a><br></div><br><div class="gmail_quote">On Mon, May 4, 2015 at 3:59 PM Bill Burke <<a href="mailto:bburke@redhat.com">bburke@redhat.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Log a JIRA. We don't have a workaround for this.<br>
<br>
On 5/4/2015 2:42 PM, Leonardo Loch Zanivan wrote:<br>
> Hi,<br>
><br>
> I have a big problem here because of bearer token size.<br>
><br>
> I'm using keycloak within a SaaS application, so I need create alot of<br>
> realms.<br>
><br>
> After 30 realms created, the bearer token issued for master admin user<br>
> has more than 8kb.<br>
> It's huge for a single header, Apache limits 8kb headers by default.<br>
> With 1000 realms, the bearer token of master admin user will have 3.5mb.<br>
> It'll be impossible to use keycloak in production, it occurs because<br>
> "resource_access" property has all realms with all possible roles.<br>
><br>
> It's possible to create wildcard "*" for "resource_access" to prevent<br>
> that problem?<br>
><br>
><br>
> _______________________________________________<br>
> keycloak-dev mailing list<br>
> <a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
><br>
<br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" target="_blank">http://bill.burkecentral.com</a><br>
_______________________________________________<br>
keycloak-dev mailing list<br>
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote></div>