[keycloak-user] Shared datastore?

Marek Posolda mposolda at redhat.com
Thu Nov 15 05:43:59 EST 2018


On 08/11/18 17:35, Nicolas Ocquidant wrote:
> My requirements are the following: store tokens emitted by KC during one
> year.
>
> I don't know how many users there are, but here are the numbers I get:
>    * the number of connections a week is about 700k.
>    * the number of session refreshes a week is about 200k.
>
> I approximated around 1M sessions a week, thus 52M a year.
> In memory, a user session has been estimated around 4KB (about 1KB in
> file/DB).
>
> But I guess a refresh does not create another session, does it? And maybe
> it's possible to ask KC to delete previously emitted tokens when a new one is
> created for the same user?
No, it doesn't. It just updates the lastSessionRefresh field on userSession
and possibly the timestamp on clientSession.
>
> If yes, my estimation is probably a little bit too high here, but I
> certainly have several millions of tokens to keep (and maybe dozens of
> millions).
>
> Thanks
> --nick
>
> On Wed, 7 Nov 2018 at 18:17, Nicolas Ocquidant <nocquidant at gmail.com>
> wrote:
>
>> Hi,
>>
>> According to Infinispan, when passivation is disabled, every update to the
>> cache should always write to the store.
>>
>> But I can't manage to get it to work with Keycloak. If I disable passivation,
>> my SQL store (Postgres) stays empty, even if the cache is full.
>>
>> So, if passivation is needed for Keycloak to write to the DB, it means
>> that the use of a shared DB is not possible...
>>
>> But this leads to another issue for me. Enabling passivation without a
>> shared DB seems to imply that either 'fetch-state' or 'purge' should be
>> enabled on startup, in order for the cache to not contain stale entries.
>>
>> 15:27:44,626 WARN
>> [org.infinispan.configuration.cache.AbstractStoreConfigurationBuilder] (MSC
>> service thread 1-6) ISPN000149: Fetch persistent state and purge on startup
>> are both disabled, cache may contain stale entries on startup
>>
>> As I need to keep millions of sessions, this will considerably slow down
>> the startup of my node (when started again after a crash for instance).
>>
>> So, is a shared datastore allowed in Keycloak? If yes, how to enable it?
>> Otherwise what other options do I have to improve my startup time, if
>> millions of sessions are in the store?
>>
>> Thanks
>> --nick
>>