[keycloak-user] Any limit on number of clients?

Aikeaguinea aikeaguinea at xsmail.com
Fri Jan 15 22:06:47 EST 2016


Yes, that's exactly what it is--the device has to authenticate as
itself.

On Fri, Jan 15, 2016, at 10:37 AM, Stian Thorgersen wrote:
> Depends on what a device is. If it's a device that is controlled by a
> human that could authenticate as themselves then use a user account.
> If it's a device that is purely non-human than use a service account.
>
> On 15 January 2016 at 16:05, Aikeaguinea
> <aikeaguinea at xsmail.com> wrote:
>> __
>> I realize these aren't clients in the sense Keycloak intends, but in
>> this case Keycloak provides all the functionality I need without me
>> having to rebuild it myself -- particularly with respect to
>> generating and managing certificates. Since the devices are all
>> under our control, the concept of a service account seems to fit
>> even if the Keycloak concept of "client" really is intended for
>> something else.
>>
>> Will using Keycloak clients for this purpose get us in trouble
>> somehow?
>>
>>
>> On Wed, Jan 13, 2016, at 09:46 AM, Bill Burke wrote:
>>> I think you'd be better served having public clients and developing
    cert auth for users via our auth spi, as these are users aren't
    they?  They aren't clients in the sense of what Keycloak thinks of
    as a client.  A client in keycloak is really a service or web app.
>>>
>>> On 1/13/2016 2:43 AM, Stian Thorgersen
      wrote:
>>>> As Bill said we haven't tested with loads of
        clients, but we need to be able to scale to hundreds or probably
        thousand clients at least. So if you run into issues with it let
        us know and we'll look into it.
>>>>
>>>> On 13 January 2016 at 01:18,
          Aikeaguinea <aikeaguinea at xsmail.com> wrote:
>>>>> I'd say
            we're talking on the order of a hundred to start with; this
>>>>> could ramp up to multiples of that within a year or two. I
            imagine the
>>>>> thing to do would be for us to do some stress testing of our
            own.
>>>>>
>>>>> On Tue, Jan 12, 2016, at 06:57 PM, Bill Burke wrote:
>>>>> > How many devices you talking about?  I think it may
                become an issue as
>>>>> > we haven't really stressed and benched with tons
                (hundreds/thousands) of
>>>>> > clients.
>>>>> >
>>>>> > On 1/12/2016 6:08 PM, Aikeaguinea wrote:
>>>>> > > We have a number of devices that need to
                access APIs; for various
>>>>> > > reasons we need to use client certificates for
                this purpose.
>>>>> > >
>>>>> > > I have noticed that Keycloak will allow
                service accounts to authenticate
>>>>> > > using client certificates and that these
                certificates can be generated
>>>>> > > within Keycloak. This looks like it fits our
                needs well -- when we set
>>>>> > > up a new device we would need to set up a new
                client and service account
>>>>> > > for it in Keycloak. I've verified through
                testing that we can make this
>>>>> > > work.
>>>>> > >
>>>>> > > Ultimately we may have to manage a fairly
                large number of devices, say
>>>>> > > in the hundreds. Is there any reason that
                Keycloak would limit us in the
>>>>> > > number of clients we could create and manage
                in this way?
>>>>> > >
>>>>> >
>>>>> > --
>>>>> > Bill Burke JBoss, a division of Red Hat
>>>>> > http://bill.burkecentral.com
>>>>> >
>>>>> > _______________________________________________
>>>>> > keycloak-user mailing list keycloak-user at lists.jboss.org
>>>>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>>
>>>>> --
>>>>>
                Aikeaguinea
>>>>> aikeaguinea at xsmail.com
>>>>>
>>>>>
                --
>>>>> http://www.fastmail.com
                - Or how I learned to stop worrying and
>>>>>
                love email again
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list keycloak-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>>
>>>>
>>>> _______________________________________________
keycloak-user mailing list
>>>> keycloak-user at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>> --
Bill Burke JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>> _________________________________________________
>>> keycloak-user mailing list keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>> --
>> Aikeaguinea aikeaguinea at xsmail.com
>>
>>
>>
>> --
>> http://www.fastmail.com - The way an email service should be
>>
>>
>>
>> _______________________________________________
>>
keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user

--
  Aikeaguinea
  aikeaguinea at xsmail.com
 
 

-- 
http://www.fastmail.com - Faster than the air-speed velocity of an
                          unladen european swallow

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160115/c7327a31/attachment.html 


More information about the keycloak-user mailing list