[keycloak-user] Users losing realm roles without a valid reason
Johan Heylen
johan.heylen.public at gmail.com
Tue Nov 17 09:40:06 EST 2015
Hallo,
we have noticed a strange behaviour in our Keycloak setup:
After a while, some users lose one of their assigned realm roles, without
anyone actually requesting this from the keycloak server (We see no admin
events who can explain this behaviour).
Could it be that something is wrong in some cache implementation or an in
issue in concurrency?
When I make a dump of the database, the role can also no longer be found
there in the user export, so it actually gets removed from there as well.
One specific thing we do, is managing the realm settings using the admin
REST API, which PUTs the realm config JSON every X minutes (X is currently
5 to 2 minutes), so the PUT call happens a lot (I can see it in the admin
events).
To exclude this as possible culprit, I've disable this constant updating of
the realm. I'll send an update wether this has had any impact, but either
way, the issue should not occur.
Has anyone already encountered this issue?
I can provide you with more config of the keycloak server and realm if
required... We are one 1.6.0
Could you help me with enabling the correct logging, so I might be able to
trace where the problem occurs or see what causes the drop of a realm role
on a user (His other realms roles remain untouched...)
Currently I am not able to reproduce this with a testcase, it just occurs
from time to time on a test platform, so I did not create a JIRA ticket yet
Tnx,
Johan Heylen
DNS Belgium
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151117/daf34177/attachment.html
More information about the keycloak-user
mailing list