[keycloak-user] Authorization services performance

Wed Aug 22 09:27:55 EDT 2018

Hi Ori,

AFAIK, only 7.3. It would be nice if you could give a try to the community
version before checking 7.3.

Regards.
Pedro Igor

On Wed, Aug 22, 2018 at 10:23 AM, Ori Doolman <Ori.Doolman at amdocs.com>
wrote:

> Thanks Pedro for the quick response.
>
> I am not sure the high DB CPU load is only because of authorization
> requests. We need to do further analyzing.
>
> We are using the RedHat SSO version, hence it would be difficult to try
> latest Keycloak version now. Will we see any improvement when trying RHSSO
> version 7.2 (currently latest)?
>
>
>
>
>
> Thanks,
>
>
>
> *Ori Doolman*
>
> Lead Software Architect
>
> Amdocs Optima
>
>
>
> +972 9 778 6914 (office)
>
> +972 50 9111442 (mobile)
>
>
>
> [image: cid:image001.png at 01D2C8DE.BFF33E10]
>
>
>
> *From:* Pedro Igor Silva <psilva at redhat.com>
> *Sent:* Wednesday, August 22, 2018 15:11
> *To:* Ori Doolman <Ori.Doolman at Amdocs.com>
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Authorization services performance
>
>
>
> On Wed, Aug 22, 2018 at 8:38 AM, Ori Doolman <Ori.Doolman at amdocs.com>
> wrote:
>
> Hi,
>
> We are using Policy Enforcer in Java client (JBOSS FUSE) to send the
> permission ticket to Keycloak PDP for evaluating a pre-configured
> Javascript policy rule.
> We are using Keycloak version 2.5.5.
>
> Is that evaluation in Keycloak PDP occur in-memory, or does it perform a
> DB access each time?
>
>
>
> If cache is warm, it should not happen any database hits. We cache not
> only entities (resources, policies, etc) but also specific queries that are
> executed during evaluation.
>
>
>
> In latest version, 4.3.0.Final, we delivered quite a few performance
> improvements to the evaluation engine like removal of redundant code and
> refactoring to optimize execution and decision cache on a per authorization
> request basis. We are still working on some other improvements as this is
> one of our main goals for future releases.
>
>
>
> I would recommend you to try latest version. There are other improvements
> too that I think you may benefit. Things like being able to define response
> format (if just a decision, list of granted permissions or standard oauth2
> response), limit the number of permissions that the server should process,
> pushed claims (with or without permission tickets), additional methods to
> the evaluation api, etc.
>
>
>
>
>
> Thanks,
>
> Ori Doolman
> Lead Software Architect
> Amdocs Optima
>
> +972 9 778 6914 (office)
> +972 50 9111442 (mobile)
>
> [cid:image001.png at 01D2C8DE.BFF33E10]
>
> “Amdocs’ email platform is based on a third-party, worldwide, cloud-based
> system. Any emails sent to Amdocs will be processed and stored using such
> system and are accessible by third party providers of such system on a
> limited basis. Your sending of emails to Amdocs evidences your consent to
> the use of such system and such processing, storing and access”.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> *“Amdocs’ email platform is based on a third-party, worldwide, cloud-based
> system. Any emails sent to Amdocs will be processed and stored using such
> system and are accessible by third party providers of such system on a
> limited basis. Your sending of emails to Amdocs evidences your consent to
> the use of such system and such processing, storing and access”.*
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3506 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20180822/d97fd7a1/attachment.png 