[keycloak-user] Keycloak Performance with large number of realms

John D. Ament john.d.ament at gmail.com
Tue May 23 09:04:40 EDT 2017 

Stian,

We just got a report of a new issue, not sure if its related to the
existing but I can create a ticket on your side if it makes sense.

When accessing /auth/realms/master/protocol/openid-connect/token we are
seeing 3k SQLs being executed of this format:

select compositer0_.COMPOSITE as COMPOSIT1_16_0_, compositer0_.CHILD_ROLE
as CHILD_RO2_16_0_, roleentity1_.ID as ID1_38_1_, roleentity1_.CLIENT as
CLIENT8_38_1_, roleentity1_.CLIENT_REALM_CONSTRAINT as CLIENT_R2_38_1_,
roleentity1_.CLIENT_ROLE as CLIENT_R3_38_1_, roleentity1_.DESCRIPTION as
DESCRIPT4_38_1_, roleentity1_.NAME as NAME5_38_1_, roleentity1_.REALM as
REALM9_38_1_, roleentity1_.REALM_ID as REALM_ID6_38_1_,
roleentity1_.SCOPE_PARAM_REQUIRED as SCOPE_PA7_38_1_ from COMPOSITE_ROLE
compositer0_ inner join KEYCLOAK_ROLE roleentity1_ on
compositer0_.CHILD_ROLE=roleentity1_.ID where compositer0_.COMPOSITE=?

On Wed, May 10, 2017 at 12:40 PM John D. Ament <john.d.ament at gmail.com>
wrote:

> Stian,
>
> Good news.  Glad to see these things get prioritized.  So far they look
> like they're matching the problems I'm running into, specifically around
> the whoami endpoint and overall number of SQLs (2800 queries in one of my
> tests) and the total number of DB connections allocated within that one
> request (3200+).
>
> John
>
>
> On Wed, May 10, 2017 at 8:02 AM Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> There are a number of issues around having a large number of realms. We
>> have a general issue open to support this:
>> https://issues.jboss.org/browse/KEYCLOAK-4593
>>
>> We haven't prioritized this in the past, but that has changed and we
>> would like to get this sorted out.
>>
>> There's a few more related PRs including the one you linked:
>> https://github.com/keycloak/keycloak/pull/3557
>> https://github.com/keycloak/keycloak/pull/3561
>>
>> On 10 May 2017 at 12:35, John D. Ament <john.d.ament at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> After enabling Keycloak and starting work on a multi-tenant application,
>>> it
>>> was noted that the admin console started to get very slow in keycloak.
>>> After some searching around, it seemed like this was an already reported
>>> issue [1] and a fix underway [2].  I was wondering if this fix would make
>>> it into 3.2?
>>>
>>> If additional testing is needed, I'd be happy to help out.  Deleting 161
>>> realms with minimal clients and users took me 15 minutes via the REST
>>> API.
>>>
>>> [1]: https://issues.jboss.org/browse/KEYCLOAK-4858
>>> [2]: https://github.com/keycloak/keycloak/pull/4095
>>>
>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>>

More information about the keycloak-user mailing list