<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>In your validateAndProxy() method you call getUserDetails() which
is calling user.setFirstName, setLastName. So, basically every
time the user is queried via getUserByUsername(), you are doing</p>
<p>1) A database update</p>
<p>2) Invalidating the user cache across the cluster</p>
<p><br>
</p>
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 6/13/16 6:35 AM, Thomas Connolly
wrote:<br>
</div>
<blockquote
cite="mid:998128545.2041363.1465814126838.JavaMail.yahoo@mail.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue-Light, Helvetica Neue Light, Helvetica
Neue, Helvetica, Arial, Lucida Grande,
sans-serif;font-size:10px">
<div><span>Hi Marek</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_67063"><span><br>
</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr"><span
style="font-family: HelveticaNeue, "Helvetica
Neue", Helvetica, Arial, "Lucida Grande",
sans-serif; font-size: 16px;"
id="yui_3_16_0_ym19_1_1465352442485_67082">> Thanks,
AFAIK we didn't tried much performance testing with
federationProviders enabled. It's on todo list though. Also
we plan some refactoring of userStorage + userFederation, so
we will likely go into it later.</span><br
style="font-family: HelveticaNeue, "Helvetica
Neue", Helvetica, Arial, "Lucida Grande",
sans-serif; font-size: 16px;"
id="yui_3_16_0_ym19_1_1465352442485_67083" clear="none">
<br>
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr">Yes
and we've found it is a major bottleneck in our system testing
(using stub to remove internal back end dependencies). </div>
<div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr">Can
you suggest any short term measures to improve performance,
we're blocked from pushing this to production at the moment?</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr">This
is a major feature of the system I'm guessing this affects the
LDAP / AD integration / federator performance too.</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr">Do you
have any timeframe around the priority to address this?</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr"><br
id="yui_3_16_0_ym19_1_1465352442485_67084" clear="none">
<span style="font-family: HelveticaNeue, "Helvetica
Neue", Helvetica, Arial, "Lucida Grande",
sans-serif; font-size: 16px;"
id="yui_3_16_0_ym19_1_1465352442485_67085">> For your
case, the performance bottleneck can be in your
federationProvider implementation, so I am not sure if it's
the issue in Keycloak or rather issue in your
implementation. </span><br style="font-family:
HelveticaNeue, "Helvetica Neue", Helvetica, Arial,
"Lucida Grande", sans-serif; font-size: 16px;"
id="yui_3_16_0_ym19_1_1465352442485_67086" clear="none">
<br style="font-family: HelveticaNeue, "Helvetica
Neue", Helvetica, Arial, "Lucida Grande",
sans-serif; font-size: 16px;"
id="yui_3_16_0_ym19_1_1465352442485_67087" clear="none">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67063">As indicated
we've created a stub implementation, code included below, to
demonstrate there is an issue calling a federator in KC.</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67063"><br>
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67063">/** Code snippet
**/</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66358"><span
id="yui_3_16_0_ym19_1_1465352442485_66359">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66360">class</span>
StubFederationProvider <span
id="yui_3_16_0_ym19_1_1465352442485_66361">implements</span>
UserFederationProvider {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66362"><span
id="yui_3_16_0_ym19_1_1465352442485_66363"> </span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66364"> <span
id="yui_3_16_0_ym19_1_1465352442485_66365">private</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66366">static</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66367">final</span>
Logger <span id="yui_3_16_0_ym19_1_1465352442485_66368">logger</span>
= Logger.getLogger(StubFederationProvider.<span
id="yui_3_16_0_ym19_1_1465352442485_66369">class</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66370"> <span
id="yui_3_16_0_ym19_1_1465352442485_66371">protected</span>
KeycloakSession <span
id="yui_3_16_0_ym19_1_1465352442485_66372">session</span>;</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66373"> <span
id="yui_3_16_0_ym19_1_1465352442485_66374">protected</span>
UserFederationProviderModel <span
id="yui_3_16_0_ym19_1_1465352442485_66375">model</span>;</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66376"><br
id="yui_3_16_0_ym19_1_1465352442485_66377">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66378"><span
id="yui_3_16_0_ym19_1_1465352442485_66379"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66380">public</span>
StubFederationProvider(KeycloakSession <span
id="yui_3_16_0_ym19_1_1465352442485_66381">session</span>,
UserFederationProviderModel <span
id="yui_3_16_0_ym19_1_1465352442485_66382">model</span>){</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66383"> <span
id="yui_3_16_0_ym19_1_1465352442485_66384">this</span>.<span
id="yui_3_16_0_ym19_1_1465352442485_66385">session</span> =
<span id="yui_3_16_0_ym19_1_1465352442485_66386">session</span>;</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66387"> <span
id="yui_3_16_0_ym19_1_1465352442485_66388">this</span>.<span
id="yui_3_16_0_ym19_1_1465352442485_66389">model</span> = <span
id="yui_3_16_0_ym19_1_1465352442485_66390">model</span>;</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66391"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66392"><br
id="yui_3_16_0_ym19_1_1465352442485_66393">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66394"> <span
id="yui_3_16_0_ym19_1_1465352442485_66395">public</span>
UserFederationProviderModel getModel() {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66396"> <span
id="yui_3_16_0_ym19_1_1465352442485_66397">return</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66398">model</span>;</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66399"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66400"><br
id="yui_3_16_0_ym19_1_1465352442485_66401">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66402"><span
id="yui_3_16_0_ym19_1_1465352442485_66403"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66404"><span
id="yui_3_16_0_ym19_1_1465352442485_66405"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66406">public</span>
UserModel getUserByUsername(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66407">realm</span>,
String <span id="yui_3_16_0_ym19_1_1465352442485_66408">username</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66409"><br
id="yui_3_16_0_ym19_1_1465352442485_66410">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66411"><span
id="yui_3_16_0_ym19_1_1465352442485_66412"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66413"> </span>UserModel
<span id="yui_3_16_0_ym19_1_1465352442485_66414">userModel</span>
= addUserModelToUserStorage(<span
id="yui_3_16_0_ym19_1_1465352442485_66415">realm</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66416">username</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66417"><span
id="yui_3_16_0_ym19_1_1465352442485_66418"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66419"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66420">userModel</span>.setEnabled(<span
id="yui_3_16_0_ym19_1_1465352442485_66421">true</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66422"><span
id="yui_3_16_0_ym19_1_1465352442485_66423"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66424"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66425">userModel</span>.setFederationLink(<span
id="yui_3_16_0_ym19_1_1465352442485_66426">model</span>.getId());</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66427"><br
id="yui_3_16_0_ym19_1_1465352442485_66428">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66429"><span
id="yui_3_16_0_ym19_1_1465352442485_66430"><span
id="yui_3_16_0_ym19_1_1465352442485_66431"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66432"> </span></span><span
id="yui_3_16_0_ym19_1_1465352442485_66433">return</span><span
id="yui_3_16_0_ym19_1_1465352442485_66434"> </span>userModel<span
id="yui_3_16_0_ym19_1_1465352442485_66435">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66436"><span
id="yui_3_16_0_ym19_1_1465352442485_66437"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66438"><br
id="yui_3_16_0_ym19_1_1465352442485_66439">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66440"><span
id="yui_3_16_0_ym19_1_1465352442485_66441"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66442">protected</span>
UserModel addUserModelToUserStorage(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66443">realm</span>,
String <span id="yui_3_16_0_ym19_1_1465352442485_66444">username</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66445"><span
id="yui_3_16_0_ym19_1_1465352442485_66446"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66447"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66448">return</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66449">session</span>.userStorage().addUser(<span
id="yui_3_16_0_ym19_1_1465352442485_66450">realm</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66451">username</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66452"><span
id="yui_3_16_0_ym19_1_1465352442485_66453"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66454"><br
id="yui_3_16_0_ym19_1_1465352442485_66455">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66456"><span
id="yui_3_16_0_ym19_1_1465352442485_66457"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66458"> <span
id="yui_3_16_0_ym19_1_1465352442485_66459">public</span>
UserModel getUserByEmail(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66460">realm</span>,
String <span id="yui_3_16_0_ym19_1_1465352442485_66461">email</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66462"> <span
id="yui_3_16_0_ym19_1_1465352442485_66463">return</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66464">null</span>;</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66465"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66466"><br
id="yui_3_16_0_ym19_1_1465352442485_66467">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66468"><span
id="yui_3_16_0_ym19_1_1465352442485_66469"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66470"> <span
id="yui_3_16_0_ym19_1_1465352442485_66471">public</span>
List<UserModel> searchByAttributes(Map<String,
String> <span id="yui_3_16_0_ym19_1_1465352442485_66472">attributes</span>,
RealmModel <span id="yui_3_16_0_ym19_1_1465352442485_66473">realm</span>,
<span id="yui_3_16_0_ym19_1_1465352442485_66474">int</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66475">maxResults</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66476"> <span
id="yui_3_16_0_ym19_1_1465352442485_66477">return</span>
Collections.emptyList();</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66478"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66479"><br
id="yui_3_16_0_ym19_1_1465352442485_66480">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66481"><span
id="yui_3_16_0_ym19_1_1465352442485_66482"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66483"><span
id="yui_3_16_0_ym19_1_1465352442485_66484"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66485">public</span>
List<UserModel> getGroupMembers(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66486">realm</span>,
GroupModel <span id="yui_3_16_0_ym19_1_1465352442485_66487">group</span>,
<span id="yui_3_16_0_ym19_1_1465352442485_66488">int</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66489">firstResult</span>,
<span id="yui_3_16_0_ym19_1_1465352442485_66490">int</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66491">maxResults</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66492"><span
id="yui_3_16_0_ym19_1_1465352442485_66493"><span
id="yui_3_16_0_ym19_1_1465352442485_66494"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66495"> </span></span>return<span
id="yui_3_16_0_ym19_1_1465352442485_66496"> </span>null<span
id="yui_3_16_0_ym19_1_1465352442485_66497">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66498"><span
id="yui_3_16_0_ym19_1_1465352442485_66499"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66500"><br
id="yui_3_16_0_ym19_1_1465352442485_66501">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66502"><span
id="yui_3_16_0_ym19_1_1465352442485_66503"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66504"> <span
id="yui_3_16_0_ym19_1_1465352442485_66505">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66506">void</span>
preRemove(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66507">realm</span>) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66508"><span
id="yui_3_16_0_ym19_1_1465352442485_66509"> </span>//
complete We don't care about the realm being removed</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66510"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66511"><br
id="yui_3_16_0_ym19_1_1465352442485_66512">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66513"><span
id="yui_3_16_0_ym19_1_1465352442485_66514"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66515"> <span
id="yui_3_16_0_ym19_1_1465352442485_66516">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66517">void</span>
preRemove(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66518">realm</span>,
RoleModel <span id="yui_3_16_0_ym19_1_1465352442485_66519">role</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66520"><span
id="yui_3_16_0_ym19_1_1465352442485_66521"> </span>//
complete we dont'care if a role is removed</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66522"><br
id="yui_3_16_0_ym19_1_1465352442485_66523">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66524"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66525"><br
id="yui_3_16_0_ym19_1_1465352442485_66526">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66527"><span
id="yui_3_16_0_ym19_1_1465352442485_66528"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66529"><span
id="yui_3_16_0_ym19_1_1465352442485_66530"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66531">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66532">void</span>
preRemove(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66533">realmModel</span>,
GroupModel <span id="yui_3_16_0_ym19_1_1465352442485_66534">groupModel</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66535"><span
id="yui_3_16_0_ym19_1_1465352442485_66536"><span
id="yui_3_16_0_ym19_1_1465352442485_66537"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66538"> </span></span>//
complete we dont'care if a role is removed</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66539"><span
id="yui_3_16_0_ym19_1_1465352442485_66540"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66541"><br
id="yui_3_16_0_ym19_1_1465352442485_66542">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66543">@Override<br>
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66555"><span
id="yui_3_16_0_ym19_1_1465352442485_66556"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66557">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66558">boolean</span>
isValid(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66559">realm</span>,
UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66560">local</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66561"><br
id="yui_3_16_0_ym19_1_1465352442485_66562">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66563"><span
id="yui_3_16_0_ym19_1_1465352442485_66564"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66565"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66566">return</span>
userExists(<span id="yui_3_16_0_ym19_1_1465352442485_66567">local</span>.getUsername());</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66568"><span
id="yui_3_16_0_ym19_1_1465352442485_66569"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66570"><span
id="yui_3_16_0_ym19_1_1465352442485_66571"> </span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66572"> <span
id="yui_3_16_0_ym19_1_1465352442485_66573">/**</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66574"> * Returns
supported credentials by this <span
id="yui_3_16_0_ym19_1_1465352442485_66575">federator</span>.
PASSWORD is always supported but TOTP is optional for each
user.</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66576"> *</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66577"> * <span
id="yui_3_16_0_ym19_1_1465352442485_66578">@param</span>
user</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66579"> * <span
id="yui_3_16_0_ym19_1_1465352442485_66580">@return</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66581"> */</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66582"><span
id="yui_3_16_0_ym19_1_1465352442485_66583"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66584"> <span
id="yui_3_16_0_ym19_1_1465352442485_66585">public</span>
Set<String> getSupportedCredentialTypes(UserModel <span
id="yui_3_16_0_ym19_1_1465352442485_66586">user</span>) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66587"><span
id="yui_3_16_0_ym19_1_1465352442485_66588"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66589"> </span>Set<String>
<span id="yui_3_16_0_ym19_1_1465352442485_66590">supportedCredentialTypes</span>
= <span id="yui_3_16_0_ym19_1_1465352442485_66591">new</span>
HashSet<>();</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66592"><br
id="yui_3_16_0_ym19_1_1465352442485_66593">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66594"><span
id="yui_3_16_0_ym19_1_1465352442485_66595"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66596"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66597">supportedCredentialTypes</span>.add(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66598">PASSWORD</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66599"><br
id="yui_3_16_0_ym19_1_1465352442485_66600">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66601"><span
id="yui_3_16_0_ym19_1_1465352442485_66602"><span
id="yui_3_16_0_ym19_1_1465352442485_66603"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66604"> </span></span>//
check for any <span
id="yui_3_16_0_ym19_1_1465352442485_66605">otp</span>
configured on this user</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66606"><span
id="yui_3_16_0_ym19_1_1465352442485_66607"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66608"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66609">if</span> (<span
id="yui_3_16_0_ym19_1_1465352442485_66610">user</span>.isOtpEnabled())
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66611"><span
id="yui_3_16_0_ym19_1_1465352442485_66612"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66613"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66614"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66615">supportedCredentialTypes</span>.add(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66616">TOTP</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66617"><span
id="yui_3_16_0_ym19_1_1465352442485_66618"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66619"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66620"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66621">supportedCredentialTypes</span>.add(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66622">HOTP</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66623"><span
id="yui_3_16_0_ym19_1_1465352442485_66624"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66625"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66626"><br
id="yui_3_16_0_ym19_1_1465352442485_66627">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66628"><span
id="yui_3_16_0_ym19_1_1465352442485_66629"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66630">return</span><span
id="yui_3_16_0_ym19_1_1465352442485_66631"> </span>supportedCredentialTypes<span
id="yui_3_16_0_ym19_1_1465352442485_66632">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66633"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66634"><br
id="yui_3_16_0_ym19_1_1465352442485_66635">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66636"><span
id="yui_3_16_0_ym19_1_1465352442485_66637"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66638"> <span
id="yui_3_16_0_ym19_1_1465352442485_66639">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66640">boolean</span>
validCredentials(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66641">realm</span>,
UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66642">user</span>,
List<UserCredentialModel> <span
id="yui_3_16_0_ym19_1_1465352442485_66643">input</span>) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66644"> <span
id="yui_3_16_0_ym19_1_1465352442485_66645">for</span>
(UserCredentialModel <span
id="yui_3_16_0_ym19_1_1465352442485_66646">cred</span> : <span
id="yui_3_16_0_ym19_1_1465352442485_66647">input</span>) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66648"> <span
id="yui_3_16_0_ym19_1_1465352442485_66649">if</span> (<span
id="yui_3_16_0_ym19_1_1465352442485_66650">cred</span>.getType().equals(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66651">PASSWORD</span>))
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66652"> <span
id="yui_3_16_0_ym19_1_1465352442485_66653"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66654">return</span>
validate(<span id="yui_3_16_0_ym19_1_1465352442485_66655">user</span>,
<span id="yui_3_16_0_ym19_1_1465352442485_66656">cred</span>.getValue());</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66657"> } <span
id="yui_3_16_0_ym19_1_1465352442485_66658">else</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66659">if</span> (<span
id="yui_3_16_0_ym19_1_1465352442485_66660">cred</span>.getType().equals(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66661">TOTP</span>)) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66662"><span
id="yui_3_16_0_ym19_1_1465352442485_66663"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66664"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66665"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66666"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66667">return</span>
CredentialValidation.validTOTP(<span
id="yui_3_16_0_ym19_1_1465352442485_66668">realm</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66669">user</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66670">cred</span>.getValue());</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66671"><span
id="yui_3_16_0_ym19_1_1465352442485_66672"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66673"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66674"> </span>} <span
id="yui_3_16_0_ym19_1_1465352442485_66675">else</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66676">if</span> (<span
id="yui_3_16_0_ym19_1_1465352442485_66677">cred</span>.getType().equals(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66678">HOTP</span>)) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66679"><span
id="yui_3_16_0_ym19_1_1465352442485_66680"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66681"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66682"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66683"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66684">return</span>
CredentialValidation.validHOTP(<span
id="yui_3_16_0_ym19_1_1465352442485_66685">realm</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66686">user</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66687">cred</span>.getValue());</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66688"><span
id="yui_3_16_0_ym19_1_1465352442485_66689"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66690"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66691"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66692"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66693"><span
id="yui_3_16_0_ym19_1_1465352442485_66694"> </span>return<span
id="yui_3_16_0_ym19_1_1465352442485_66695"> </span>false<span
id="yui_3_16_0_ym19_1_1465352442485_66696">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66697"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66698"><br
id="yui_3_16_0_ym19_1_1465352442485_66699">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66700"><span
id="yui_3_16_0_ym19_1_1465352442485_66701"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66702"> <span
id="yui_3_16_0_ym19_1_1465352442485_66703">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66704">boolean</span>
validCredentials(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66705">realm</span>,
UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66706">user</span>,
UserCredentialModel... <span
id="yui_3_16_0_ym19_1_1465352442485_66707">input</span>) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66708"> <span
id="yui_3_16_0_ym19_1_1465352442485_66709">for</span>
(UserCredentialModel <span
id="yui_3_16_0_ym19_1_1465352442485_66710">cred</span> : <span
id="yui_3_16_0_ym19_1_1465352442485_66711">input</span>) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66712"> <span
id="yui_3_16_0_ym19_1_1465352442485_66713">if</span> (<span
id="yui_3_16_0_ym19_1_1465352442485_66714">cred</span>.getType().equals(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66715">PASSWORD</span>))
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66716"> <span
id="yui_3_16_0_ym19_1_1465352442485_66717"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66718">return</span>
validate(<span id="yui_3_16_0_ym19_1_1465352442485_66719">user</span>,
<span id="yui_3_16_0_ym19_1_1465352442485_66720">cred</span>.getValue());</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66721"> } <span
id="yui_3_16_0_ym19_1_1465352442485_66722">else</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66723">if</span> (<span
id="yui_3_16_0_ym19_1_1465352442485_66724">cred</span>.getType().equals(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66725">TOTP</span>)) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66726"><span
id="yui_3_16_0_ym19_1_1465352442485_66727"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66728"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66729"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66730"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66731">return</span>
CredentialValidation.validTOTP(<span
id="yui_3_16_0_ym19_1_1465352442485_66732">realm</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66733">user</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66734">cred</span>.getValue());</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66735"><span
id="yui_3_16_0_ym19_1_1465352442485_66736"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66737"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66738"> </span>} <span
id="yui_3_16_0_ym19_1_1465352442485_66739">else</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66740">if</span> (<span
id="yui_3_16_0_ym19_1_1465352442485_66741">cred</span>.getType().equals(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66742">HOTP</span>)) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66743"><span
id="yui_3_16_0_ym19_1_1465352442485_66744"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66745"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66746"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66747"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66748">return</span>
CredentialValidation.validHOTP(<span
id="yui_3_16_0_ym19_1_1465352442485_66749">realm</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66750">user</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66751">cred</span>.getValue());</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66752"><span
id="yui_3_16_0_ym19_1_1465352442485_66753"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66754"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66755"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66756"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66757"><span
id="yui_3_16_0_ym19_1_1465352442485_66758"> </span>return<span
id="yui_3_16_0_ym19_1_1465352442485_66759"> </span>false<span
id="yui_3_16_0_ym19_1_1465352442485_66760">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66761"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66762"><br
id="yui_3_16_0_ym19_1_1465352442485_66763">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66764"><span
id="yui_3_16_0_ym19_1_1465352442485_66765"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66766"> <span
id="yui_3_16_0_ym19_1_1465352442485_66767">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66768">void</span>
close() {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66769"><br
id="yui_3_16_0_ym19_1_1465352442485_66770">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66771"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66772"> </div>
<div id="yui_3_16_0_ym19_1_1465352442485_66773"> <span
id="yui_3_16_0_ym19_1_1465352442485_66774">/**</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66775"> * <span
id="yui_3_16_0_ym19_1_1465352442485_66776">Keycloak</span>
will call this method if it finds an imported UserModel. Here
we <span id="yui_3_16_0_ym19_1_1465352442485_66777">proxy</span>
the UserModel with</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66778"> * a <span
id="yui_3_16_0_ym19_1_1465352442485_66779">Readonly</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66780">proxy</span>
which will <span id="yui_3_16_0_ym19_1_1465352442485_66781">barf</span>
if password is updated.</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66782"> *</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66783"> * <span
id="yui_3_16_0_ym19_1_1465352442485_66784">@param</span>
local</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66785"> * <span
id="yui_3_16_0_ym19_1_1465352442485_66786">@return</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66787"> */</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66788"><span
id="yui_3_16_0_ym19_1_1465352442485_66789"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66790"><span
id="yui_3_16_0_ym19_1_1465352442485_66791"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66792">public</span>
UserModel validateAndProxy(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66793">realm</span>,
UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66794">local</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66795"><span
id="yui_3_16_0_ym19_1_1465352442485_66796"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66797"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66798">if</span>
(isValid(<span id="yui_3_16_0_ym19_1_1465352442485_66799">realm</span>,
<span id="yui_3_16_0_ym19_1_1465352442485_66800">local</span>))
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66801"><span
id="yui_3_16_0_ym19_1_1465352442485_66802"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66803"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66804"> </span>getUserDetails(<span
id="yui_3_16_0_ym19_1_1465352442485_66805">local</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66806"><span
id="yui_3_16_0_ym19_1_1465352442485_66807"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66808"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66809"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66810">return</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66811">new</span>
StubUserModelProxy(<span
id="yui_3_16_0_ym19_1_1465352442485_66812">local</span>, <span
id="yui_3_16_0_ym19_1_1465352442485_66813">this</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66814"><span
id="yui_3_16_0_ym19_1_1465352442485_66815"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66816"> </span>} <span
id="yui_3_16_0_ym19_1_1465352442485_66817">else</span> {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66818"><span
id="yui_3_16_0_ym19_1_1465352442485_66819"><span
id="yui_3_16_0_ym19_1_1465352442485_66820"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66821"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66822"> </span></span>return<span
id="yui_3_16_0_ym19_1_1465352442485_66823"> </span>null<span
id="yui_3_16_0_ym19_1_1465352442485_66824">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66825"><span
id="yui_3_16_0_ym19_1_1465352442485_66826"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66827"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66828"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66829"><br
id="yui_3_16_0_ym19_1_1465352442485_66830">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66831"><span
id="yui_3_16_0_ym19_1_1465352442485_66832"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66833"> <span
id="yui_3_16_0_ym19_1_1465352442485_66834">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66835">boolean</span>
synchronizeRegistrations() {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66836"> <span
id="yui_3_16_0_ym19_1_1465352442485_66837">return</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66838">true</span>;</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66839"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66840"><br
id="yui_3_16_0_ym19_1_1465352442485_66841">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66842"> <span
id="yui_3_16_0_ym19_1_1465352442485_66843">/**</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66844"> * Called if
this federation provider has priority and supports
synchronized registrations.</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66845"> *</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66846"> * <span
id="yui_3_16_0_ym19_1_1465352442485_66847">@param</span>
realm</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66848"> * <span
id="yui_3_16_0_ym19_1_1465352442485_66849">@param</span>
user</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66850"> * <span
id="yui_3_16_0_ym19_1_1465352442485_66851">@return</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66852"> */</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66853"><span
id="yui_3_16_0_ym19_1_1465352442485_66854"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66855"> <span
id="yui_3_16_0_ym19_1_1465352442485_66856">public</span>
UserModel register(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66857">realm</span>,
UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66858">user</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66859"><br
id="yui_3_16_0_ym19_1_1465352442485_66860">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66861"><span
id="yui_3_16_0_ym19_1_1465352442485_66882">user</span>.setSingleAttribute(<span
id="yui_3_16_0_ym19_1_1465352442485_66883">"status"</span>,
<span id="yui_3_16_0_ym19_1_1465352442485_66884">"OK"</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66887"><span
id="yui_3_16_0_ym19_1_1465352442485_66888"><span
id="yui_3_16_0_ym19_1_1465352442485_66889"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66890"> </span></span>return<span
id="yui_3_16_0_ym19_1_1465352442485_66891"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66892">user</span><span
id="yui_3_16_0_ym19_1_1465352442485_66893">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66894"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66895"><br
id="yui_3_16_0_ym19_1_1465352442485_66896">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66897"><span
id="yui_3_16_0_ym19_1_1465352442485_66898"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66899"> <span
id="yui_3_16_0_ym19_1_1465352442485_66900">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66901">boolean</span>
removeUser(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66902">realm</span>,
UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66903">user</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66904"><span
id="yui_3_16_0_ym19_1_1465352442485_66905"><span
id="yui_3_16_0_ym19_1_1465352442485_66906"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66907"> </span></span>//
Not supported. Used as a part of the Workaround to
<a class="moz-txt-link-freetext" href="https://issues.jboss.org/browse/KEYCLOAK-1075">https://issues.jboss.org/browse/KEYCLOAK-1075</a></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66908"><span
id="yui_3_16_0_ym19_1_1465352442485_66909"><span
id="yui_3_16_0_ym19_1_1465352442485_66910"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66911"> </span></span>return<span
id="yui_3_16_0_ym19_1_1465352442485_66912"> </span>true<span
id="yui_3_16_0_ym19_1_1465352442485_66913">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66914"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66915"><br
id="yui_3_16_0_ym19_1_1465352442485_66916">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66917"><span
id="yui_3_16_0_ym19_1_1465352442485_66918"> </span>/**</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66919"><span
id="yui_3_16_0_ym19_1_1465352442485_66920"> </span> *
Supported credentials by this <span
id="yui_3_16_0_ym19_1_1465352442485_66921">federator</span>.
PASSWORD is a supported type. TOTP depends on the user.</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66922"><span
id="yui_3_16_0_ym19_1_1465352442485_66923"> </span> *</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66924"><span
id="yui_3_16_0_ym19_1_1465352442485_66925"> </span> * <span
id="yui_3_16_0_ym19_1_1465352442485_66926">@return</span>
supportedCredentialTypes</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66927"><span
id="yui_3_16_0_ym19_1_1465352442485_66928"> </span> */</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66929"><span
id="yui_3_16_0_ym19_1_1465352442485_66930"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66931"><span
id="yui_3_16_0_ym19_1_1465352442485_66932"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66933">public</span>
Set<String> getSupportedCredentialTypes() {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66934"><span
id="yui_3_16_0_ym19_1_1465352442485_66935"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66936"> </span>Set<String>
<span id="yui_3_16_0_ym19_1_1465352442485_66937">supportedCredentialTypes</span>
= <span id="yui_3_16_0_ym19_1_1465352442485_66938">new</span>
HashSet<>();</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66939"><span
id="yui_3_16_0_ym19_1_1465352442485_66940"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66941"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66942">supportedCredentialTypes</span>.add(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66943">PASSWORD</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66944"><span
id="yui_3_16_0_ym19_1_1465352442485_66945"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66946"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66947">supportedCredentialTypes</span>.add(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66948">TOTP</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66949"><span
id="yui_3_16_0_ym19_1_1465352442485_66950"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66951"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66952">supportedCredentialTypes</span>.add(UserCredentialModel.<span
id="yui_3_16_0_ym19_1_1465352442485_66953">HOTP</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66954"><span
id="yui_3_16_0_ym19_1_1465352442485_66955"><span
id="yui_3_16_0_ym19_1_1465352442485_66956"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66957"> </span></span><span
id="yui_3_16_0_ym19_1_1465352442485_66958">return</span><span
id="yui_3_16_0_ym19_1_1465352442485_66959"> </span>supportedCredentialTypes<span
id="yui_3_16_0_ym19_1_1465352442485_66960">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66961"><span
id="yui_3_16_0_ym19_1_1465352442485_66962"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66963"><br
id="yui_3_16_0_ym19_1_1465352442485_66964">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66965"><span
id="yui_3_16_0_ym19_1_1465352442485_66966"> </span>@Override</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66967"><span
id="yui_3_16_0_ym19_1_1465352442485_66968"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66969">public</span>
CredentialValidationOutput validCredentials(RealmModel <span
id="yui_3_16_0_ym19_1_1465352442485_66970">realm</span>,
UserCredentialModel <span
id="yui_3_16_0_ym19_1_1465352442485_66971">credential</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66972"> <span
id="yui_3_16_0_ym19_1_1465352442485_66973">throw</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66974">new</span>
IllegalStateException(<span
id="yui_3_16_0_ym19_1_1465352442485_66975">"validCredentials
not supported"</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66976"><span
id="yui_3_16_0_ym19_1_1465352442485_66977"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66978"><br
id="yui_3_16_0_ym19_1_1465352442485_66979">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66980"><span
id="yui_3_16_0_ym19_1_1465352442485_66981"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66982">private</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66983">boolean</span>
userExists(String <span
id="yui_3_16_0_ym19_1_1465352442485_66984">username</span>)<span
id="yui_3_16_0_ym19_1_1465352442485_66985"> </span>{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66986"><span
id="yui_3_16_0_ym19_1_1465352442485_66987"> <span
id="yui_3_16_0_ym19_1_1465352442485_66988"> </span></span>return<span
id="yui_3_16_0_ym19_1_1465352442485_66989"> </span>true<span
id="yui_3_16_0_ym19_1_1465352442485_66990">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66991"> }</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66992"><span
id="yui_3_16_0_ym19_1_1465352442485_66993"> </span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_66994"><span
id="yui_3_16_0_ym19_1_1465352442485_66995"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_66996">private</span> <span
id="yui_3_16_0_ym19_1_1465352442485_66997">void</span>
getUserDetails(UserModel <span
id="yui_3_16_0_ym19_1_1465352442485_66998">user</span>) {</div>
<div id="yui_3_16_0_ym19_1_1465352442485_66999"><span
id="yui_3_16_0_ym19_1_1465352442485_67000"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_67001"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_67002">user</span>.setFirstName(<span
id="yui_3_16_0_ym19_1_1465352442485_67003">"first name"</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67004"><span
id="yui_3_16_0_ym19_1_1465352442485_67005"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_67006"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_67007">user</span>.setLastName(<span
id="yui_3_16_0_ym19_1_1465352442485_67008">"last name"</span>);</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67009"><span
id="yui_3_16_0_ym19_1_1465352442485_67010"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67011"><br
id="yui_3_16_0_ym19_1_1465352442485_67012">
</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67013"><span
id="yui_3_16_0_ym19_1_1465352442485_67014"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_67015">public</span> <span
id="yui_3_16_0_ym19_1_1465352442485_67016">boolean</span>
validate(UserModel <span
id="yui_3_16_0_ym19_1_1465352442485_67017">user</span>,
String <span id="yui_3_16_0_ym19_1_1465352442485_67018">password</span>)
{</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67019"><span
id="yui_3_16_0_ym19_1_1465352442485_67020"><span
id="yui_3_16_0_ym19_1_1465352442485_67021"> </span><span
id="yui_3_16_0_ym19_1_1465352442485_67022"> </span></span>return<span
id="yui_3_16_0_ym19_1_1465352442485_67023"> </span>true<span
id="yui_3_16_0_ym19_1_1465352442485_67024">;</span></div>
<div id="yui_3_16_0_ym19_1_1465352442485_67025"><span
id="yui_3_16_0_ym19_1_1465352442485_67026"> </span>}</div>
<div id="yui_3_16_0_ym19_1_1465352442485_67027"><br
id="yui_3_16_0_ym19_1_1465352442485_67028">
</div>
<div dir="ltr">}</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">/** End Snippet **/ <br
id="yui_3_16_0_ym19_1_1465352442485_67029">
</div>
<div class="signature"
id="yui_3_16_0_ym19_1_1465352442485_64963"><br>
</div>
<div class="signature"
id="yui_3_16_0_ym19_1_1465352442485_64963">Regards Tom
Connolly.</div>
<div class="qtdSeparateBR"
id="yui_3_16_0_ym19_1_1465352442485_64962"><br>
<br>
</div>
<div class="yahoo_quoted" style="display: block;">
<div style="font-family: HelveticaNeue-Light, Helvetica Neue
Light, Helvetica Neue, Helvetica, Arial, Lucida Grande,
sans-serif; font-size: 10px;">
<div style="font-family: HelveticaNeue, Helvetica Neue,
Helvetica, Arial, Lucida Grande, sans-serif; font-size:
16px;">
<div dir="ltr"> <font face="Arial" size="2">
<hr size="1"> <b><span style="font-weight:bold;">From:</span></b>
Marek Posolda <a class="moz-txt-link-rfc2396E" href="mailto:mposolda@redhat.com"><mposolda@redhat.com></a><br>
<b><span style="font-weight: bold;">To:</span></b>
Thomas Connolly <a class="moz-txt-link-rfc2396E" href="mailto:thomas_connolly@yahoo.com"><thomas_connolly@yahoo.com></a>;
<a class="moz-txt-link-rfc2396E" href="mailto:keycloak-user@lists.jboss.org">"keycloak-user@lists.jboss.org"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:keycloak-user@lists.jboss.org"><keycloak-user@lists.jboss.org></a> <br>
<b><span style="font-weight: bold;">Sent:</span></b>
Monday, June 13, 2016 5:47 PM<br>
<b><span style="font-weight: bold;">Subject:</span></b>
Re: [keycloak-user] Performance issues with Federation
provider enabled<br>
</font> </div>
<div class="y_msg_container"><br>
<div id="yiv9564159418">
<div>
<div class="yiv9564159418moz-cite-prefix">Thanks,
AFAIK we didn't tried much performance testing
with federationProviders enabled. It's on todo
list though. Also we plan some refactoring of
userStorage + userFederation, so we will likely go
into it later.<br clear="none">
<br clear="none">
For your case, the performance bottleneck can be
in your federationProvider implementation, so I am
not sure if it's the issue in Keycloak or rather
issue in your implementation. <br clear="none">
<br clear="none">
One thing to note (maybe it's not an issue in your
case, but just adding it to be sure you're aware):
UserFederationProvider.close is currently not
called. So if you are rely on this method to free
any important resources related to your
implementation, you shouldn't as it doesn't work
right now. We are working on improving this for
next version.<br clear="none">
<br clear="none">
Marek<br clear="none">
<br clear="none">
On 13/06/16 07:57, Thomas Connolly wrote:<br
clear="none">
</div>
<blockquote type="cite">
<div class="yiv9564159418yqt8271556386"
id="yiv9564159418yqt43512">
<div
style="color:#000;background-color:#fff;font-family:HelveticaNeue-Light,
Helvetica Neue Light, Helvetica Neue,
Helvetica, Arial, Lucida Grande,
sans-serif;font-size:10px;">Hi Marek<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4190"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4191"
clear="none">
I'm working with Fabricio on the federation
performance issues with Keycloak.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4192"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4193"
clear="none">
In answer to your question we are using the
latest KC 1.9.7 version (we upgraded this week
from 1.9.2).<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4194"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4195"
clear="none">
To give you some indication of the running a
gatling direct access login test (results
below).<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4196"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4197"
clear="none">
As you can see below in (1) using KC out of
the box. Great performance - we saw 110 tx per
sec on a 4 core system.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4198"
clear="none">
<div
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4449">In
scenario (2) using a stubbed federator
(simply an echo plugin not connecting to any
back end services), performance is
unacceptable.</div>
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4200"
clear="none">
1) Not using the federator - Stub federator
(disabled) - while 29 tx per second we could
easily get to a stable 110 tx per second.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4201"
clear="none">
300 Users (hitting single server)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4202"
clear="none">
---- Global Information
--------------------------------------------------------<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4203" clear="none">
> request
count
9185 (OK=9185 KO=0 )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4204"
clear="none">
> min response
time 18
(OK=18 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4205"
clear="none">
> max response
time 723
(OK=723 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4206"
clear="none">
> mean response
time 27
(OK=27 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4207"
clear="none">
> std
deviation
44 (OK=44 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4208"
clear="none">
> response time 50th
percentile 20
(OK=20 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4209"
clear="none">
> response time 75th
percentile 21
(OK=21 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4210"
clear="none">
> mean
requests/sec
29.626 (OK=29.626 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4211"
clear="none">
---- Response Time Distribution
------------------------------------------------<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4212" clear="none">
> t < 800
ms
9185 (100%)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4213"
clear="none">
> 800 ms < t < 1200
ms 0 ( 0%)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4214" clear="none">
> t > 1200
ms
0 ( 0%)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4215"
clear="none">
>
failed
0 ( 0%)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4216"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4217"
clear="none">
2) Stub federator (enabled)- if we brought
test down to 12 tx per second (about 90 users)
the response times dropped to < 1200 ms
response times, however not even close to
meeting out acceptance creteria.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4218"
clear="none">
300 Users (hitting single server) <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4219"
clear="none">
---- Global Information
--------------------------------------------------------<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4220" clear="none">
> request
count
8496 (OK=8496 KO=0 )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4221"
clear="none">
> min response
time 511
(OK=511 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4222"
clear="none">
> max response
time 11191
(OK=11191 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4223"
clear="none">
> mean response
time 6832
(OK=6832 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4224"
clear="none">
> std
deviation
2329 (OK=2329 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4225"
clear="none">
> response time 50th
percentile 7194
(OK=7194 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4226"
clear="none">
> response time 75th
percentile 8690
(OK=8690 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4227"
clear="none">
> mean
requests/sec
27.404 (OK=27.404 KO=- )<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4228"
clear="none">
---- Response Time Distribution
------------------------------------------------<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4229" clear="none">
> t < 800
ms
154 ( 2%)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4230"
clear="none">
> 800 ms < t < 1200
ms 85 ( 1%)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4231" clear="none">
> t > 1200
ms
8257 ( 97%)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4232"
clear="none">
>
failed
0 ( 0%)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4233"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4234"
clear="none">
This is currently a show stopper for us and is
blocking our path to production.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4235"
clear="none">
Do you run similar tests and how can we help
you optimise the performance?<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4236"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4237"
clear="none">
Regards<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4238"
clear="none">
Tom.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4239"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4240"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4241"
clear="none">
Date: Wed, 8 Jun 2016 12:28:19 +0200<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4242"
clear="none">
From: Marek Posolda <a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv9564159418moz-txt-link-rfc2396E"
ymailto="mailto:mposolda@redhat.com"
target="_blank"
href="mailto:mposolda@redhat.com"><mposolda@redhat.com></a><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4243" clear="none">
Subject: Re: [keycloak-user] Performance
issues with Federation<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4244"
clear="none">
provider enabled<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4245"
clear="none">
To: Fabricio Milone <a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv9564159418moz-txt-link-rfc2396E"
ymailto="mailto:fabricio.milone@shinetech.com"
target="_blank"
href="mailto:fabricio.milone@shinetech.com"><fabricio.milone@shinetech.com></a>,
keycloak-user<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4246"
clear="none">
<a moz-do-not-send="true" rel="nofollow"
shape="rect"
class="yiv9564159418moz-txt-link-rfc2396E"
ymailto="mailto:keycloak-user@lists.jboss.org"
target="_blank"
href="mailto:keycloak-user@lists.jboss.org"><keycloak-user@lists.jboss.org></a><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4247" clear="none">
Message-ID: <a moz-do-not-send="true"
rel="nofollow" shape="rect"
class="yiv9564159418moz-txt-link-rfc2396E"
ymailto="mailto:5757F343.1040803@redhat.com"
target="_blank"
href="mailto:5757F343.1040803@redhat.com"><5757F343.1040803@redhat.com></a><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4248" clear="none">
Content-Type: text/plain;
charset="windows-1252"<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4249"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4250"
clear="none">
Hi,<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4251"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4252"
clear="none">
what's the keycloak version used? Could you
try latest keycloak and <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4253"
clear="none">
check if performance is still the issue?<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4254"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4255"
clear="none">
Marek<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4256"
clear="none">
<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4257"
clear="none">
On 08/06/16 01:30, Fabricio Milone wrote:<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4258"
clear="none">
> Hi all,<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4259"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4260"
clear="none">
> I sent this email yesterday with 5 or
more attachments, so I think it <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4261"
clear="none">
> was blocked or something... here I go
again :)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4262"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4263"
clear="none">
> I've been running load tests on our
application during the last few <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4264"
clear="none">
> weeks, and having some performance issues
when my custom federator is <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4265"
clear="none">
> enabled.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4266"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4267"
clear="none">
> The performance issue does not exist when
the federator is disabled.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4268"
clear="none">
> *Configuration*:<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4269"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4270"
clear="none">
> I have a cluster of 2 instances of
Keycloak, with a standalone DB, <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4271"
clear="none">
> we've verified the DB isn't an issue when
the federator is disabled. <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4272"
clear="none">
> Both instances have a quad core CPU and
they are in the same network. <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4273"
clear="none">
> We?ve left the memory at 512MB. The test
script, database and API that <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4274"
clear="none">
> connects to the federator are in separate
machines.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4275"
clear="none">
> *Federator*:<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4276"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4277"
clear="none">
> We have a simple custom federator that
makes calls to a very <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4278"
clear="none">
> performant api, which has been tested and
is ok. Additionally, we've <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4279"
clear="none">
> tested stubbing the API so the
performance is not a problem there. <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4280"
clear="none">
> This federator is using a jaxb marshaller
to create a request, again <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4281"
clear="none">
> tested in isolation and is performing
well.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4282"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4283"
clear="none">
> As the federator is doing a lot of calls
to the API (3 per login <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4284"
clear="none">
> request), I've implemented a httpclient
that uses a <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4285"
clear="none">
> PoolingHttpClientConnectionManager with
1000 connections available to <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4286"
clear="none">
> use, instead of using the standard apache
httpclient from http <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4287"
clear="none">
> components. That hasn't improved a bit
the performance of the system.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4288"
clear="none">
> *Tests*:<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4289"
clear="none">
> It is a gatling scala script that could
generate around ~300 (or more) <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4290"
clear="none">
> requests/second to the direct grants
login endpoint using random <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4291"
clear="none">
> usernames from a list (all of them
already registered using KC). The <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4292"
clear="none">
> script is doing a round robin across both
instances of Keycloak with <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4293"
clear="none">
> an even distribution to each KC instance.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4294" clear="none">
> The idea is simulate a load of 300 to
1500 concurrent users trying to <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4295"
clear="none">
> login into our systems.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4296"
clear="none">
> *Problem*:<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4297"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4298"
clear="none">
> If I run the tests without using a
federation I can see a very good <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4299"
clear="none">
> performance, but when I try to run the
tests with the custom <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4300"
clear="none">
> federation code, the performance drops
from ~150 requests/second to 22 <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4301"
clear="none">
> req/sec using both instances.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4302"
clear="none">
> Memory wise, it seems to be ok. I've
never seen an error related to <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4303"
clear="none">
> memory with this configuration, also if
you take a look at the <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4304"
clear="none">
> attached visualVM screenshot you'll see
that memory is not a problem <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4305"
clear="none">
> or it seems not to be.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4306"
clear="none">
> CPU utilisation is very low to my mind,
I'd expect more than 80% of <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4307"
clear="none">
> usage or something like that.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4308"
clear="none">
> There is a method that is leading the CPU
samples on VisualVM called <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4309"
clear="none">
> Semaphore.tryAcquire(). Not quite sure
what's that for, still <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4310"
clear="none">
> investigating.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4311"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4312"
clear="none">
> I can see that a lot of new threads are
being created when the test <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4313"
clear="none">
> starts, as it creates around
60requests/second to the direct grants <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4314"
clear="none">
> login call, but it seems to be a
bottleneck at some point.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4315"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4316"
clear="none">
> So I'm wondering if there is some
configuration I'm missing on <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4317"
clear="none">
> Keycloak side that could be affecting the
cluster performance when a <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4318"
clear="none">
> federator is enabled. Maybe something
related to jpa connections, <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4319"
clear="none">
> infinispan configuration or even wildfly.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4320" clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4321"
clear="none">
> I'd really appreciate your help on this
one as I'm out of ideas.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4322"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4323"
clear="none">
> I've attached some screenshots of
visualVM and tests results from my <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4324"
clear="none">
> last run today.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4325"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4326"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4327"
clear="none">
> Sorry for the long email and please let
me know if you need further <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4328"
clear="none">
> information.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4329"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4330"
clear="none">
> Thank you in advance,<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4331"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4332"
clear="none">
> Regards,<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4333"
clear="none">
> Fab<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4334"
clear="none">
><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4335"
clear="none">
> -- <br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4336"
clear="none">
> *Fabricio Milone*<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4337"
clear="none">
<div dir="ltr">> Developer</div>
</div>
</div>
<br clear="none">
<fieldset
class="yiv9564159418mimeAttachmentHeader"></fieldset>
<br clear="none">
<pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv9564159418moz-txt-link-abbreviated" ymailto="mailto:keycloak-user@lists.jboss.org" target="_blank" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv9564159418moz-txt-link-freetext" target="_blank" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br clear="none">
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>