<div dir="ltr">One thing to add is that Mongo is not going to be supported in productized version of Keycloak. At least not initially.</div><div class="gmail_extra"><br><div class="gmail_quote">On 11 May 2016 at 17:43, Ton Swieb <span dir="ltr"><<a href="mailto:ton@finalist.nl" target="_blank">ton@finalist.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Marek,<br>
<br>
Thank you for your answer. So if I understand you correctly there are<br>
no plans to drop Mongo support in the near feature. Good to know.<br>
<br>
How many (concurrent) users did you need to use to see a performance<br>
difference between Mongo and MySQL?<br>
<br>
I assume the lack of transaction support in Mongo only becomes an<br>
issue with multi row/document transactions. Are multi row/document<br>
transactions used commonly in the Keycloak application or are most<br>
transactions limited to a single row/document?<br>
<br>
Regards, Ton<br>
<div class="HOEnZb"><div class="h5"><br>
2016-05-11 9:45 GMT+02:00 Marek Posolda <<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>>:<br>
> On 10/05/16 14:18, Ton Swieb wrote:<br>
>><br>
>> Hi,<br>
>><br>
>> I understand from the Keycloak documentation that both MongoDB and<br>
>> multiple flavours of RDBMS are supported, but I cannot find any<br>
>> recommendation whether to use MongoDB or an RDBMS by default.<br>
>><br>
>> Which one is best suited for the Keycloak product?<br>
>> I am anticipating a user base of around 10000 users (mainly via<br>
>> Identity Brokering), will use offline tokens and use Keycloak as an<br>
>> Identity Broker for a SAML IdP. I am starting from a green field<br>
>> situation and do not have any restrictions on using a specific DB.<br>
>><br>
>> I found a comment of Bill Birke on the Keycloak developer<br>
>> mailing-list,<br>
>> <a href="http://lists.jboss.org/pipermail/keycloak-dev/2015-July/004924.html" rel="noreferrer" target="_blank">http://lists.jboss.org/pipermail/keycloak-dev/2015-July/004924.html</a>,<br>
>> wishing he could drop Mongo and not seeing any advantages of using<br>
>> Mongo, but unfortunately the thread does not end with a<br>
>> conclusion/decision :-)<br>
>><br>
>> What is the current position of the Keycloak team about using Mongo?<br>
><br>
> We added Mongo support very early (somewhen around 2013) as an alternative<br>
> storage, which was at that time required by other project, which consumed<br>
> keycloak. The second project (Liveoak) is not under active development<br>
> anymore, but in the meantime, a lot of people started to use Keycloak with<br>
> Mongo and it seems that some of them already in production.<br>
><br>
> The advantage of Mongo is good performance and scalability. At some point,<br>
> when I tested performance with bigger number of users, I saw much better<br>
> performance for Mongo then for MySQL. Also Mongo has support for DB<br>
> clustering and sharding (some RDBMS has it too AFAIK, but usually you need<br>
> to pay for them, which is not the case with Mongo ;)) . On the other hand,<br>
> biggest disadvantage of Mongo is missing support for transactions. So in<br>
> theory, if some error/bad situation happens, you can theoretically end with<br>
> partially inconsistent data in DB.<br>
><br>
> Marek<br>
>><br>
>><br>
>> In which scenario should I consider using MongoDB over an RDBMS or<br>
>> vice versa? There are off course the usual pro/con's between NoSQL and<br>
>> RDBMS, but I would like to know to what extend they hold true when it<br>
>> comes to using Keycloak in production or whether Keycloak is optimized<br>
>> specifically for NoSQL or RDBMS.<br>
>><br>
>> Regards,<br>
>><br>
>> Ton<br>
>><br>
><br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
<<a href="http://www.finalist.nl" rel="noreferrer" target="_blank">http://www.finalist.nl</a>><br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>