<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p>In your validateAndProxy() method you call getUserDetails() which
      is calling user.setFirstName, setLastName.  So, basically every
      time the user is queried via getUserByUsername(), you are doing</p>
    <p>1) A database update</p>
    <p>2) Invalidating the user cache across the cluster</p>
    <p><br>
    </p>
    <p><br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 6/13/16 6:35 AM, Thomas Connolly
      wrote:<br>
    </div>
    <blockquote
      cite="mid:998128545.2041363.1465814126838.JavaMail.yahoo@mail.yahoo.com"
      type="cite">
      <div style="color:#000; background-color:#fff;
        font-family:HelveticaNeue-Light, Helvetica Neue Light, Helvetica
        Neue, Helvetica, Arial, Lucida Grande,
        sans-serif;font-size:10px">
        <div><span>Hi Marek</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67063"><span><br>
          </span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr"><span
            style="font-family: HelveticaNeue, &quot;Helvetica
            Neue&quot;, Helvetica, Arial, &quot;Lucida Grande&quot;,
            sans-serif; font-size: 16px;"
            id="yui_3_16_0_ym19_1_1465352442485_67082">&gt; Thanks,
            AFAIK we didn't tried much performance testing with
            federationProviders enabled. It's on todo list though. Also
            we plan some refactoring of userStorage + userFederation, so
            we will likely go into it later.</span><br
            style="font-family: HelveticaNeue, &quot;Helvetica
            Neue&quot;, Helvetica, Arial, &quot;Lucida Grande&quot;,
            sans-serif; font-size: 16px;"
            id="yui_3_16_0_ym19_1_1465352442485_67083" clear="none">
          <br>
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr">Yes
          and we've found it is a major bottleneck in our system testing
          (using stub to remove internal back end dependencies). </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr">Can
          you suggest any short term measures to improve performance,
          we're blocked from pushing this to production at the moment?</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr">This
          is a major feature of the system I'm guessing this affects the
          LDAP / AD integration / federator performance too.</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr">Do you
          have any timeframe around the priority to address this?</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67063" dir="ltr"><br
            id="yui_3_16_0_ym19_1_1465352442485_67084" clear="none">
          <span style="font-family: HelveticaNeue, &quot;Helvetica
            Neue&quot;, Helvetica, Arial, &quot;Lucida Grande&quot;,
            sans-serif; font-size: 16px;"
            id="yui_3_16_0_ym19_1_1465352442485_67085">&gt; For your
            case, the performance bottleneck can be in your
            federationProvider implementation, so I am not sure if it's
            the issue in Keycloak or rather issue in your
            implementation. </span><br style="font-family:
            HelveticaNeue, &quot;Helvetica Neue&quot;, Helvetica, Arial,
            &quot;Lucida Grande&quot;, sans-serif; font-size: 16px;"
            id="yui_3_16_0_ym19_1_1465352442485_67086" clear="none">
          <br style="font-family: HelveticaNeue, &quot;Helvetica
            Neue&quot;, Helvetica, Arial, &quot;Lucida Grande&quot;,
            sans-serif; font-size: 16px;"
            id="yui_3_16_0_ym19_1_1465352442485_67087" clear="none">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67063">As indicated
          we've created a stub implementation, code included below, to
          demonstrate there is an issue calling a federator in KC.</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67063"><br>
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67063">/** Code snippet
          **/</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66358"><span
            id="yui_3_16_0_ym19_1_1465352442485_66359">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66360">class</span>
          StubFederationProvider <span
            id="yui_3_16_0_ym19_1_1465352442485_66361">implements</span>
          UserFederationProvider {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66362"><span
            id="yui_3_16_0_ym19_1_1465352442485_66363"> </span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66364">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66365">private</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66366">static</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66367">final</span>
          Logger <span id="yui_3_16_0_ym19_1_1465352442485_66368">logger</span>
          = Logger.getLogger(StubFederationProvider.<span
            id="yui_3_16_0_ym19_1_1465352442485_66369">class</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66370">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66371">protected</span>
          KeycloakSession <span
            id="yui_3_16_0_ym19_1_1465352442485_66372">session</span>;</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66373">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66374">protected</span>
          UserFederationProviderModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66375">model</span>;</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66376"><br
            id="yui_3_16_0_ym19_1_1465352442485_66377">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66378"><span
            id="yui_3_16_0_ym19_1_1465352442485_66379"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66380">public</span>
          StubFederationProvider(KeycloakSession <span
            id="yui_3_16_0_ym19_1_1465352442485_66381">session</span>,
          UserFederationProviderModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66382">model</span>){</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66383">        <span
            id="yui_3_16_0_ym19_1_1465352442485_66384">this</span>.<span
            id="yui_3_16_0_ym19_1_1465352442485_66385">session</span> =
          <span id="yui_3_16_0_ym19_1_1465352442485_66386">session</span>;</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66387">        <span
            id="yui_3_16_0_ym19_1_1465352442485_66388">this</span>.<span
            id="yui_3_16_0_ym19_1_1465352442485_66389">model</span> = <span
            id="yui_3_16_0_ym19_1_1465352442485_66390">model</span>;</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66391">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66392"><br
            id="yui_3_16_0_ym19_1_1465352442485_66393">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66394">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66395">public</span>
          UserFederationProviderModel getModel() {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66396">        <span
            id="yui_3_16_0_ym19_1_1465352442485_66397">return</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66398">model</span>;</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66399">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66400"><br
            id="yui_3_16_0_ym19_1_1465352442485_66401">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66402"><span
            id="yui_3_16_0_ym19_1_1465352442485_66403"> </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66404"><span
            id="yui_3_16_0_ym19_1_1465352442485_66405"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66406">public</span>
          UserModel getUserByUsername(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66407">realm</span>,
          String <span id="yui_3_16_0_ym19_1_1465352442485_66408">username</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66409"><br
            id="yui_3_16_0_ym19_1_1465352442485_66410">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66411"><span
            id="yui_3_16_0_ym19_1_1465352442485_66412"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66413"> </span>UserModel
          <span id="yui_3_16_0_ym19_1_1465352442485_66414">userModel</span>
          = addUserModelToUserStorage(<span
            id="yui_3_16_0_ym19_1_1465352442485_66415">realm</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66416">username</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66417"><span
            id="yui_3_16_0_ym19_1_1465352442485_66418"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66419"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66420">userModel</span>.setEnabled(<span
            id="yui_3_16_0_ym19_1_1465352442485_66421">true</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66422"><span
            id="yui_3_16_0_ym19_1_1465352442485_66423"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66424"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66425">userModel</span>.setFederationLink(<span
            id="yui_3_16_0_ym19_1_1465352442485_66426">model</span>.getId());</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66427"><br
            id="yui_3_16_0_ym19_1_1465352442485_66428">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66429"><span
            id="yui_3_16_0_ym19_1_1465352442485_66430"><span
              id="yui_3_16_0_ym19_1_1465352442485_66431"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_66432"> </span></span><span
            id="yui_3_16_0_ym19_1_1465352442485_66433">return</span><span
            id="yui_3_16_0_ym19_1_1465352442485_66434"> </span>userModel<span
            id="yui_3_16_0_ym19_1_1465352442485_66435">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66436"><span
            id="yui_3_16_0_ym19_1_1465352442485_66437"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66438"><br
            id="yui_3_16_0_ym19_1_1465352442485_66439">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66440"><span
            id="yui_3_16_0_ym19_1_1465352442485_66441"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66442">protected</span>
          UserModel addUserModelToUserStorage(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66443">realm</span>,
          String <span id="yui_3_16_0_ym19_1_1465352442485_66444">username</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66445"><span
            id="yui_3_16_0_ym19_1_1465352442485_66446"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66447"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66448">return</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66449">session</span>.userStorage().addUser(<span
            id="yui_3_16_0_ym19_1_1465352442485_66450">realm</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66451">username</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66452"><span
            id="yui_3_16_0_ym19_1_1465352442485_66453"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66454"><br
            id="yui_3_16_0_ym19_1_1465352442485_66455">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66456"><span
            id="yui_3_16_0_ym19_1_1465352442485_66457"> </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66458">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66459">public</span>
          UserModel getUserByEmail(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66460">realm</span>,
          String <span id="yui_3_16_0_ym19_1_1465352442485_66461">email</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66462">        <span
            id="yui_3_16_0_ym19_1_1465352442485_66463">return</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66464">null</span>;</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66465">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66466"><br
            id="yui_3_16_0_ym19_1_1465352442485_66467">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66468"><span
            id="yui_3_16_0_ym19_1_1465352442485_66469">    </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66470">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66471">public</span>
          List&lt;UserModel&gt; searchByAttributes(Map&lt;String,
          String&gt; <span id="yui_3_16_0_ym19_1_1465352442485_66472">attributes</span>,
          RealmModel <span id="yui_3_16_0_ym19_1_1465352442485_66473">realm</span>,
          <span id="yui_3_16_0_ym19_1_1465352442485_66474">int</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66475">maxResults</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66476">        <span
            id="yui_3_16_0_ym19_1_1465352442485_66477">return</span>
          Collections.emptyList();</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66478">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66479"><br
            id="yui_3_16_0_ym19_1_1465352442485_66480">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66481"><span
            id="yui_3_16_0_ym19_1_1465352442485_66482"> </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66483"><span
            id="yui_3_16_0_ym19_1_1465352442485_66484"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66485">public</span>
          List&lt;UserModel&gt; getGroupMembers(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66486">realm</span>,
          GroupModel <span id="yui_3_16_0_ym19_1_1465352442485_66487">group</span>,
          <span id="yui_3_16_0_ym19_1_1465352442485_66488">int</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66489">firstResult</span>,
          <span id="yui_3_16_0_ym19_1_1465352442485_66490">int</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66491">maxResults</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66492"><span
            id="yui_3_16_0_ym19_1_1465352442485_66493"><span
              id="yui_3_16_0_ym19_1_1465352442485_66494"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_66495"> </span></span>return<span
            id="yui_3_16_0_ym19_1_1465352442485_66496"> </span>null<span
            id="yui_3_16_0_ym19_1_1465352442485_66497">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66498"><span
            id="yui_3_16_0_ym19_1_1465352442485_66499"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66500"><br
            id="yui_3_16_0_ym19_1_1465352442485_66501">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66502"><span
            id="yui_3_16_0_ym19_1_1465352442485_66503"> </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66504">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66505">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66506">void</span>
          preRemove(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66507">realm</span>) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66508"><span
            id="yui_3_16_0_ym19_1_1465352442485_66509">       </span>//
          complete  We don't care about the realm being removed</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66510">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66511"><br
            id="yui_3_16_0_ym19_1_1465352442485_66512">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66513"><span
            id="yui_3_16_0_ym19_1_1465352442485_66514">    </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66515">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66516">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66517">void</span>
          preRemove(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66518">realm</span>,
          RoleModel <span id="yui_3_16_0_ym19_1_1465352442485_66519">role</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66520"><span
            id="yui_3_16_0_ym19_1_1465352442485_66521">        </span>//
          complete we dont'care if a role is removed</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66522"><br
            id="yui_3_16_0_ym19_1_1465352442485_66523">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66524">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66525"><br
            id="yui_3_16_0_ym19_1_1465352442485_66526">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66527"><span
            id="yui_3_16_0_ym19_1_1465352442485_66528"> </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66529"><span
            id="yui_3_16_0_ym19_1_1465352442485_66530"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66531">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66532">void</span>
          preRemove(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66533">realmModel</span>,
          GroupModel <span id="yui_3_16_0_ym19_1_1465352442485_66534">groupModel</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66535"><span
            id="yui_3_16_0_ym19_1_1465352442485_66536"><span
              id="yui_3_16_0_ym19_1_1465352442485_66537"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_66538"> </span></span>//
          complete we dont'care if a role is removed</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66539"><span
            id="yui_3_16_0_ym19_1_1465352442485_66540"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66541"><br
            id="yui_3_16_0_ym19_1_1465352442485_66542">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66543">@Override<br>
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66555"><span
            id="yui_3_16_0_ym19_1_1465352442485_66556"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66557">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66558">boolean</span>
          isValid(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66559">realm</span>,
          UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66560">local</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66561"><br
            id="yui_3_16_0_ym19_1_1465352442485_66562">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66563"><span
            id="yui_3_16_0_ym19_1_1465352442485_66564"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66565"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66566">return</span>
          userExists(<span id="yui_3_16_0_ym19_1_1465352442485_66567">local</span>.getUsername());</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66568"><span
            id="yui_3_16_0_ym19_1_1465352442485_66569"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66570"><span
            id="yui_3_16_0_ym19_1_1465352442485_66571"> </span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66572">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66573">/**</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66574">     * Returns
          supported credentials by this <span
            id="yui_3_16_0_ym19_1_1465352442485_66575">federator</span>.
          PASSWORD is always supported but TOTP is optional for each
          user.</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66576">     *</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66577">     * <span
            id="yui_3_16_0_ym19_1_1465352442485_66578">@param</span>
          user</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66579">     * <span
            id="yui_3_16_0_ym19_1_1465352442485_66580">@return</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66581">     */</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66582"><span
            id="yui_3_16_0_ym19_1_1465352442485_66583">    </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66584">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66585">public</span>
          Set&lt;String&gt; getSupportedCredentialTypes(UserModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66586">user</span>) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66587"><span
            id="yui_3_16_0_ym19_1_1465352442485_66588"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66589"> </span>Set&lt;String&gt;
          <span id="yui_3_16_0_ym19_1_1465352442485_66590">supportedCredentialTypes</span>
          = <span id="yui_3_16_0_ym19_1_1465352442485_66591">new</span>
          HashSet&lt;&gt;();</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66592"><br
            id="yui_3_16_0_ym19_1_1465352442485_66593">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66594"><span
            id="yui_3_16_0_ym19_1_1465352442485_66595"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66596"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66597">supportedCredentialTypes</span>.add(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66598">PASSWORD</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66599"><br
            id="yui_3_16_0_ym19_1_1465352442485_66600">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66601"><span
            id="yui_3_16_0_ym19_1_1465352442485_66602"><span
              id="yui_3_16_0_ym19_1_1465352442485_66603"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_66604"> </span></span>//
          check for any <span
            id="yui_3_16_0_ym19_1_1465352442485_66605">otp</span>
          configured on this user</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66606"><span
            id="yui_3_16_0_ym19_1_1465352442485_66607"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66608"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66609">if</span> (<span
            id="yui_3_16_0_ym19_1_1465352442485_66610">user</span>.isOtpEnabled())
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66611"><span
            id="yui_3_16_0_ym19_1_1465352442485_66612"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66613"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66614"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66615">supportedCredentialTypes</span>.add(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66616">TOTP</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66617"><span
            id="yui_3_16_0_ym19_1_1465352442485_66618"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66619"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66620"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66621">supportedCredentialTypes</span>.add(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66622">HOTP</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66623"><span
            id="yui_3_16_0_ym19_1_1465352442485_66624"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66625"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66626"><br
            id="yui_3_16_0_ym19_1_1465352442485_66627">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66628"><span
            id="yui_3_16_0_ym19_1_1465352442485_66629">        </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66630">return</span><span
            id="yui_3_16_0_ym19_1_1465352442485_66631"> </span>supportedCredentialTypes<span
            id="yui_3_16_0_ym19_1_1465352442485_66632">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66633">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66634"><br
            id="yui_3_16_0_ym19_1_1465352442485_66635">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66636"><span
            id="yui_3_16_0_ym19_1_1465352442485_66637">    </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66638">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66639">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66640">boolean</span>
          validCredentials(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66641">realm</span>,
          UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66642">user</span>,
          List&lt;UserCredentialModel&gt; <span
            id="yui_3_16_0_ym19_1_1465352442485_66643">input</span>) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66644">        <span
            id="yui_3_16_0_ym19_1_1465352442485_66645">for</span>
          (UserCredentialModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66646">cred</span> : <span
            id="yui_3_16_0_ym19_1_1465352442485_66647">input</span>) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66648">            <span
            id="yui_3_16_0_ym19_1_1465352442485_66649">if</span> (<span
            id="yui_3_16_0_ym19_1_1465352442485_66650">cred</span>.getType().equals(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66651">PASSWORD</span>))
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66652">            <span
            id="yui_3_16_0_ym19_1_1465352442485_66653"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66654">return</span>
          validate(<span id="yui_3_16_0_ym19_1_1465352442485_66655">user</span>,
          <span id="yui_3_16_0_ym19_1_1465352442485_66656">cred</span>.getValue());</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66657">            } <span
            id="yui_3_16_0_ym19_1_1465352442485_66658">else</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66659">if</span> (<span
            id="yui_3_16_0_ym19_1_1465352442485_66660">cred</span>.getType().equals(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66661">TOTP</span>)) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66662"><span
            id="yui_3_16_0_ym19_1_1465352442485_66663"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66664"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66665"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66666"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66667">return</span>
          CredentialValidation.validTOTP(<span
            id="yui_3_16_0_ym19_1_1465352442485_66668">realm</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66669">user</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66670">cred</span>.getValue());</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66671"><span
            id="yui_3_16_0_ym19_1_1465352442485_66672"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66673"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66674"> </span>} <span
            id="yui_3_16_0_ym19_1_1465352442485_66675">else</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66676">if</span> (<span
            id="yui_3_16_0_ym19_1_1465352442485_66677">cred</span>.getType().equals(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66678">HOTP</span>)) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66679"><span
            id="yui_3_16_0_ym19_1_1465352442485_66680"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66681"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66682"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66683"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66684">return</span>
          CredentialValidation.validHOTP(<span
            id="yui_3_16_0_ym19_1_1465352442485_66685">realm</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66686">user</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66687">cred</span>.getValue());</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66688"><span
            id="yui_3_16_0_ym19_1_1465352442485_66689"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66690"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66691"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66692">        }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66693"><span
            id="yui_3_16_0_ym19_1_1465352442485_66694">        </span>return<span
            id="yui_3_16_0_ym19_1_1465352442485_66695"> </span>false<span
            id="yui_3_16_0_ym19_1_1465352442485_66696">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66697">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66698"><br
            id="yui_3_16_0_ym19_1_1465352442485_66699">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66700"><span
            id="yui_3_16_0_ym19_1_1465352442485_66701">    </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66702">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66703">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66704">boolean</span>
          validCredentials(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66705">realm</span>,
          UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66706">user</span>,
          UserCredentialModel... <span
            id="yui_3_16_0_ym19_1_1465352442485_66707">input</span>) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66708">        <span
            id="yui_3_16_0_ym19_1_1465352442485_66709">for</span>
          (UserCredentialModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66710">cred</span> : <span
            id="yui_3_16_0_ym19_1_1465352442485_66711">input</span>) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66712">            <span
            id="yui_3_16_0_ym19_1_1465352442485_66713">if</span> (<span
            id="yui_3_16_0_ym19_1_1465352442485_66714">cred</span>.getType().equals(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66715">PASSWORD</span>))
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66716">            <span
            id="yui_3_16_0_ym19_1_1465352442485_66717"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66718">return</span>
          validate(<span id="yui_3_16_0_ym19_1_1465352442485_66719">user</span>,
          <span id="yui_3_16_0_ym19_1_1465352442485_66720">cred</span>.getValue());</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66721">            } <span
            id="yui_3_16_0_ym19_1_1465352442485_66722">else</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66723">if</span> (<span
            id="yui_3_16_0_ym19_1_1465352442485_66724">cred</span>.getType().equals(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66725">TOTP</span>)) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66726"><span
            id="yui_3_16_0_ym19_1_1465352442485_66727"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66728"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66729"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66730"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66731">return</span>
          CredentialValidation.validTOTP(<span
            id="yui_3_16_0_ym19_1_1465352442485_66732">realm</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66733">user</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66734">cred</span>.getValue());</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66735"><span
            id="yui_3_16_0_ym19_1_1465352442485_66736"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66737"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66738"> </span>} <span
            id="yui_3_16_0_ym19_1_1465352442485_66739">else</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66740">if</span> (<span
            id="yui_3_16_0_ym19_1_1465352442485_66741">cred</span>.getType().equals(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66742">HOTP</span>)) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66743"><span
            id="yui_3_16_0_ym19_1_1465352442485_66744"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66745"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66746"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66747"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66748">return</span>
          CredentialValidation.validHOTP(<span
            id="yui_3_16_0_ym19_1_1465352442485_66749">realm</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66750">user</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66751">cred</span>.getValue());</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66752"><span
            id="yui_3_16_0_ym19_1_1465352442485_66753"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66754"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66755"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66756">        }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66757"><span
            id="yui_3_16_0_ym19_1_1465352442485_66758">        </span>return<span
            id="yui_3_16_0_ym19_1_1465352442485_66759"> </span>false<span
            id="yui_3_16_0_ym19_1_1465352442485_66760">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66761">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66762"><br
            id="yui_3_16_0_ym19_1_1465352442485_66763">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66764"><span
            id="yui_3_16_0_ym19_1_1465352442485_66765">    </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66766">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66767">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66768">void</span>
          close() {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66769"><br
            id="yui_3_16_0_ym19_1_1465352442485_66770">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66771">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66772">    </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66773">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66774">/**</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66775">     * <span
            id="yui_3_16_0_ym19_1_1465352442485_66776">Keycloak</span>
          will call this method if it finds an imported UserModel.  Here
          we <span id="yui_3_16_0_ym19_1_1465352442485_66777">proxy</span>
          the UserModel with</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66778">     * a <span
            id="yui_3_16_0_ym19_1_1465352442485_66779">Readonly</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66780">proxy</span>
          which will <span id="yui_3_16_0_ym19_1_1465352442485_66781">barf</span>
          if password is updated.</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66782">     *</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66783">     * <span
            id="yui_3_16_0_ym19_1_1465352442485_66784">@param</span>
          local</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66785">     * <span
            id="yui_3_16_0_ym19_1_1465352442485_66786">@return</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66787">     */</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66788"><span
            id="yui_3_16_0_ym19_1_1465352442485_66789"> </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66790"><span
            id="yui_3_16_0_ym19_1_1465352442485_66791"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66792">public</span>
          UserModel validateAndProxy(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66793">realm</span>,
          UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66794">local</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66795"><span
            id="yui_3_16_0_ym19_1_1465352442485_66796"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66797"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66798">if</span>
          (isValid(<span id="yui_3_16_0_ym19_1_1465352442485_66799">realm</span>,
          <span id="yui_3_16_0_ym19_1_1465352442485_66800">local</span>))
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66801"><span
            id="yui_3_16_0_ym19_1_1465352442485_66802"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66803"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66804"> </span>getUserDetails(<span
            id="yui_3_16_0_ym19_1_1465352442485_66805">local</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66806"><span
            id="yui_3_16_0_ym19_1_1465352442485_66807"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66808"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66809"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66810">return</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66811">new</span>
          StubUserModelProxy(<span
            id="yui_3_16_0_ym19_1_1465352442485_66812">local</span>, <span
            id="yui_3_16_0_ym19_1_1465352442485_66813">this</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66814"><span
            id="yui_3_16_0_ym19_1_1465352442485_66815"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66816"> </span>} <span
            id="yui_3_16_0_ym19_1_1465352442485_66817">else</span> {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66818"><span
            id="yui_3_16_0_ym19_1_1465352442485_66819"><span
              id="yui_3_16_0_ym19_1_1465352442485_66820"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_66821"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_66822"> </span></span>return<span
            id="yui_3_16_0_ym19_1_1465352442485_66823"> </span>null<span
            id="yui_3_16_0_ym19_1_1465352442485_66824">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66825"><span
            id="yui_3_16_0_ym19_1_1465352442485_66826"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66827"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66828">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66829"><br
            id="yui_3_16_0_ym19_1_1465352442485_66830">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66831"><span
            id="yui_3_16_0_ym19_1_1465352442485_66832">    </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66833">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66834">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66835">boolean</span>
          synchronizeRegistrations() {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66836">        <span
            id="yui_3_16_0_ym19_1_1465352442485_66837">return</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66838">true</span>;</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66839">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66840"><br
            id="yui_3_16_0_ym19_1_1465352442485_66841">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66842">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66843">/**</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66844">     * Called if
          this federation provider has priority and supports
          synchronized registrations.</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66845">     *</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66846">     * <span
            id="yui_3_16_0_ym19_1_1465352442485_66847">@param</span>
          realm</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66848">     * <span
            id="yui_3_16_0_ym19_1_1465352442485_66849">@param</span>
          user</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66850">     * <span
            id="yui_3_16_0_ym19_1_1465352442485_66851">@return</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66852">     */</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66853"><span
            id="yui_3_16_0_ym19_1_1465352442485_66854">    </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66855">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66856">public</span>
          UserModel register(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66857">realm</span>,
          UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66858">user</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66859"><br
            id="yui_3_16_0_ym19_1_1465352442485_66860">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66861"><span
            id="yui_3_16_0_ym19_1_1465352442485_66882">user</span>.setSingleAttribute(<span
            id="yui_3_16_0_ym19_1_1465352442485_66883">"status"</span>,
          <span id="yui_3_16_0_ym19_1_1465352442485_66884">"OK"</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66887"><span
            id="yui_3_16_0_ym19_1_1465352442485_66888"><span
              id="yui_3_16_0_ym19_1_1465352442485_66889"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_66890"> </span></span>return<span
            id="yui_3_16_0_ym19_1_1465352442485_66891"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66892">user</span><span
            id="yui_3_16_0_ym19_1_1465352442485_66893">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66894">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66895"><br
            id="yui_3_16_0_ym19_1_1465352442485_66896">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66897"><span
            id="yui_3_16_0_ym19_1_1465352442485_66898"> </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66899">    <span
            id="yui_3_16_0_ym19_1_1465352442485_66900">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66901">boolean</span>
          removeUser(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66902">realm</span>,
          UserModel <span id="yui_3_16_0_ym19_1_1465352442485_66903">user</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66904"><span
            id="yui_3_16_0_ym19_1_1465352442485_66905"><span
              id="yui_3_16_0_ym19_1_1465352442485_66906"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_66907"> </span></span>//
          Not supported. Used as a part of the Workaround to
          <a class="moz-txt-link-freetext" href="https://issues.jboss.org/browse/KEYCLOAK-1075">https://issues.jboss.org/browse/KEYCLOAK-1075</a></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66908"><span
            id="yui_3_16_0_ym19_1_1465352442485_66909"><span
              id="yui_3_16_0_ym19_1_1465352442485_66910"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_66911"> </span></span>return<span
            id="yui_3_16_0_ym19_1_1465352442485_66912"> </span>true<span
            id="yui_3_16_0_ym19_1_1465352442485_66913">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66914">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66915"><br
            id="yui_3_16_0_ym19_1_1465352442485_66916">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66917"><span
            id="yui_3_16_0_ym19_1_1465352442485_66918"> </span>/**</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66919"><span
            id="yui_3_16_0_ym19_1_1465352442485_66920"> </span> *
          Supported credentials by this <span
            id="yui_3_16_0_ym19_1_1465352442485_66921">federator</span>.
          PASSWORD is a supported type. TOTP depends on the user.</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66922"><span
            id="yui_3_16_0_ym19_1_1465352442485_66923"> </span> *</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66924"><span
            id="yui_3_16_0_ym19_1_1465352442485_66925"> </span> * <span
            id="yui_3_16_0_ym19_1_1465352442485_66926">@return</span>
          supportedCredentialTypes</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66927"><span
            id="yui_3_16_0_ym19_1_1465352442485_66928"> </span> */</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66929"><span
            id="yui_3_16_0_ym19_1_1465352442485_66930"> </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66931"><span
            id="yui_3_16_0_ym19_1_1465352442485_66932"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66933">public</span>
          Set&lt;String&gt; getSupportedCredentialTypes() {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66934"><span
            id="yui_3_16_0_ym19_1_1465352442485_66935"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66936"> </span>Set&lt;String&gt;
          <span id="yui_3_16_0_ym19_1_1465352442485_66937">supportedCredentialTypes</span>
          = <span id="yui_3_16_0_ym19_1_1465352442485_66938">new</span>
          HashSet&lt;&gt;();</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66939"><span
            id="yui_3_16_0_ym19_1_1465352442485_66940"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66941"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66942">supportedCredentialTypes</span>.add(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66943">PASSWORD</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66944"><span
            id="yui_3_16_0_ym19_1_1465352442485_66945"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66946"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66947">supportedCredentialTypes</span>.add(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66948">TOTP</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66949"><span
            id="yui_3_16_0_ym19_1_1465352442485_66950"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66951"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66952">supportedCredentialTypes</span>.add(UserCredentialModel.<span
            id="yui_3_16_0_ym19_1_1465352442485_66953">HOTP</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66954"><span
            id="yui_3_16_0_ym19_1_1465352442485_66955"><span
              id="yui_3_16_0_ym19_1_1465352442485_66956"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_66957"> </span></span><span
            id="yui_3_16_0_ym19_1_1465352442485_66958">return</span><span
            id="yui_3_16_0_ym19_1_1465352442485_66959"> </span>supportedCredentialTypes<span
            id="yui_3_16_0_ym19_1_1465352442485_66960">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66961"><span
            id="yui_3_16_0_ym19_1_1465352442485_66962"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66963"><br
            id="yui_3_16_0_ym19_1_1465352442485_66964">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66965"><span
            id="yui_3_16_0_ym19_1_1465352442485_66966"> </span>@Override</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66967"><span
            id="yui_3_16_0_ym19_1_1465352442485_66968"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66969">public</span>
          CredentialValidationOutput validCredentials(RealmModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66970">realm</span>,
          UserCredentialModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66971">credential</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66972">        <span
            id="yui_3_16_0_ym19_1_1465352442485_66973">throw</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66974">new</span>
          IllegalStateException(<span
            id="yui_3_16_0_ym19_1_1465352442485_66975">"validCredentials
            not supported"</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66976"><span
            id="yui_3_16_0_ym19_1_1465352442485_66977"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66978"><br
            id="yui_3_16_0_ym19_1_1465352442485_66979">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66980"><span
            id="yui_3_16_0_ym19_1_1465352442485_66981"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66982">private</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66983">boolean</span>
          userExists(String <span
            id="yui_3_16_0_ym19_1_1465352442485_66984">username</span>)<span
            id="yui_3_16_0_ym19_1_1465352442485_66985"> </span>{</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66986"><span
            id="yui_3_16_0_ym19_1_1465352442485_66987">    <span
              id="yui_3_16_0_ym19_1_1465352442485_66988"> </span></span>return<span
            id="yui_3_16_0_ym19_1_1465352442485_66989"> </span>true<span
            id="yui_3_16_0_ym19_1_1465352442485_66990">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66991">    }</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66992"><span
            id="yui_3_16_0_ym19_1_1465352442485_66993"> </span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66994"><span
            id="yui_3_16_0_ym19_1_1465352442485_66995"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_66996">private</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_66997">void</span>
          getUserDetails(UserModel <span
            id="yui_3_16_0_ym19_1_1465352442485_66998">user</span>) {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_66999"><span
            id="yui_3_16_0_ym19_1_1465352442485_67000"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_67001"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_67002">user</span>.setFirstName(<span
            id="yui_3_16_0_ym19_1_1465352442485_67003">"first name"</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67004"><span
            id="yui_3_16_0_ym19_1_1465352442485_67005"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_67006"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_67007">user</span>.setLastName(<span
            id="yui_3_16_0_ym19_1_1465352442485_67008">"last name"</span>);</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67009"><span
            id="yui_3_16_0_ym19_1_1465352442485_67010"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67011"><br
            id="yui_3_16_0_ym19_1_1465352442485_67012">
        </div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67013"><span
            id="yui_3_16_0_ym19_1_1465352442485_67014"> </span><span
            id="yui_3_16_0_ym19_1_1465352442485_67015">public</span> <span
            id="yui_3_16_0_ym19_1_1465352442485_67016">boolean</span>
          validate(UserModel <span
            id="yui_3_16_0_ym19_1_1465352442485_67017">user</span>,
          String <span id="yui_3_16_0_ym19_1_1465352442485_67018">password</span>)
          {</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67019"><span
            id="yui_3_16_0_ym19_1_1465352442485_67020"><span
              id="yui_3_16_0_ym19_1_1465352442485_67021"> </span><span
              id="yui_3_16_0_ym19_1_1465352442485_67022"> </span></span>return<span
            id="yui_3_16_0_ym19_1_1465352442485_67023"> </span>true<span
            id="yui_3_16_0_ym19_1_1465352442485_67024">;</span></div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67025"><span
            id="yui_3_16_0_ym19_1_1465352442485_67026"> </span>}</div>
        <div id="yui_3_16_0_ym19_1_1465352442485_67027"><br
            id="yui_3_16_0_ym19_1_1465352442485_67028">
        </div>
        <div dir="ltr">}</div>
        <div dir="ltr"><br>
        </div>
        <div dir="ltr">/** End Snippet **/ <br
            id="yui_3_16_0_ym19_1_1465352442485_67029">
        </div>
        <div class="signature"
          id="yui_3_16_0_ym19_1_1465352442485_64963"><br>
        </div>
        <div class="signature"
          id="yui_3_16_0_ym19_1_1465352442485_64963">Regards Tom
          Connolly.</div>
        <div class="qtdSeparateBR"
          id="yui_3_16_0_ym19_1_1465352442485_64962"><br>
          <br>
        </div>
        <div class="yahoo_quoted" style="display: block;">
          <div style="font-family: HelveticaNeue-Light, Helvetica Neue
            Light, Helvetica Neue, Helvetica, Arial, Lucida Grande,
            sans-serif; font-size: 10px;">
            <div style="font-family: HelveticaNeue, Helvetica Neue,
              Helvetica, Arial, Lucida Grande, sans-serif; font-size:
              16px;">
              <div dir="ltr"> <font face="Arial" size="2">
                  <hr size="1"> <b><span style="font-weight:bold;">From:</span></b>
                  Marek Posolda <a class="moz-txt-link-rfc2396E" href="mailto:mposolda@redhat.com">&lt;mposolda@redhat.com&gt;</a><br>
                  <b><span style="font-weight: bold;">To:</span></b>
                  Thomas Connolly <a class="moz-txt-link-rfc2396E" href="mailto:thomas_connolly@yahoo.com">&lt;thomas_connolly@yahoo.com&gt;</a>;
                  <a class="moz-txt-link-rfc2396E" href="mailto:keycloak-user@lists.jboss.org">"keycloak-user@lists.jboss.org"</a>
                  <a class="moz-txt-link-rfc2396E" href="mailto:keycloak-user@lists.jboss.org">&lt;keycloak-user@lists.jboss.org&gt;</a> <br>
                  <b><span style="font-weight: bold;">Sent:</span></b>
                  Monday, June 13, 2016 5:47 PM<br>
                  <b><span style="font-weight: bold;">Subject:</span></b>
                  Re: [keycloak-user] Performance issues with Federation
                  provider enabled<br>
                </font> </div>
              <div class="y_msg_container"><br>
                <div id="yiv9564159418">
                  <div>
                    <div class="yiv9564159418moz-cite-prefix">Thanks,
                      AFAIK we didn't tried much performance testing
                      with federationProviders enabled. It's on todo
                      list though. Also we plan some refactoring of
                      userStorage + userFederation, so we will likely go
                      into it later.<br clear="none">
                      <br clear="none">
                      For your case, the performance bottleneck can be
                      in your federationProvider implementation, so I am
                      not sure if it's the issue in Keycloak or rather
                      issue in your implementation. <br clear="none">
                      <br clear="none">
                      One thing to note (maybe it's not an issue in your
                      case, but just adding it to be sure you're aware):
                      UserFederationProvider.close is currently not
                      called. So if you are rely on this method to free
                      any important resources related to your
                      implementation, you shouldn't as it doesn't work
                      right now. We are working on improving this for
                      next version.<br clear="none">
                      <br clear="none">
                      Marek<br clear="none">
                      <br clear="none">
                      On 13/06/16 07:57, Thomas Connolly wrote:<br
                        clear="none">
                    </div>
                    <blockquote type="cite">
                      <div class="yiv9564159418yqt8271556386"
                        id="yiv9564159418yqt43512">
                        <div
                          style="color:#000;background-color:#fff;font-family:HelveticaNeue-Light,
                          Helvetica Neue Light, Helvetica Neue,
                          Helvetica, Arial, Lucida Grande,
                          sans-serif;font-size:10px;">Hi Marek<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4190"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4191"
                            clear="none">
                          I'm working with Fabricio on the federation
                          performance issues with Keycloak.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4192"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4193"
                            clear="none">
                          In answer to your question we are using the
                          latest KC 1.9.7 version (we upgraded this week
                          from 1.9.2).<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4194"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4195"
                            clear="none">
                          To give you some indication of the running a
                          gatling direct access login test (results
                          below).<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4196"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4197"
                            clear="none">
                          As you can see below in (1) using KC out of
                          the box. Great performance - we saw 110 tx per
                          sec on a 4 core system.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4198"
                            clear="none">
                          <div
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4449">In
                            scenario (2) using a stubbed federator
                            (simply an echo plugin not connecting to any
                            back end services), performance is
                            unacceptable.</div>
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4200"
                            clear="none">
                          1) Not using the federator - Stub federator
                          (disabled) - while 29 tx per second we could
                          easily get to a stable 110 tx per second.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4201"
                            clear="none">
                              300 Users (hitting single server)<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4202"
                            clear="none">
                              ---- Global Information
                          --------------------------------------------------------<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4203" clear="none">
                              &gt; request
                          count                                      
                          9185 (OK=9185   KO=0     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4204"
                            clear="none">
                              &gt; min response
                          time                                     18
                          (OK=18     KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4205"
                            clear="none">
                              &gt; max response
                          time                                    723
                          (OK=723    KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4206"
                            clear="none">
                              &gt; mean response
                          time                                    27
                          (OK=27     KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4207"
                            clear="none">
                              &gt; std
                          deviation                                        
                          44 (OK=44     KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4208"
                            clear="none">
                              &gt; response time 50th
                          percentile                         20
                          (OK=20     KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4209"
                            clear="none">
                              &gt; response time 75th
                          percentile                         21
                          (OK=21     KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4210"
                            clear="none">
                              &gt; mean
                          requests/sec                                
                          29.626 (OK=29.626 KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4211"
                            clear="none">
                              ---- Response Time Distribution
                          ------------------------------------------------<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4212" clear="none">
                              &gt; t &lt; 800
                          ms                                         
                          9185 (100%)<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4213"
                            clear="none">
                              &gt; 800 ms &lt; t &lt; 1200
                          ms                                   0 (  0%)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4214" clear="none">
                              &gt; t &gt; 1200
                          ms                                           
                          0 (  0%)<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4215"
                            clear="none">
                              &gt;
                          failed                                                
                          0 (  0%)<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4216"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4217"
                            clear="none">
                          2) Stub federator (enabled)- if we brought
                          test down to 12 tx per second (about 90 users)
                          the response times dropped to &lt; 1200 ms
                          response times, however not even close to
                          meeting out acceptance creteria.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4218"
                            clear="none">
                              300 Users (hitting single server) <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4219"
                            clear="none">
                              ---- Global Information
                          --------------------------------------------------------<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4220" clear="none">
                              &gt; request
                          count                                      
                          8496 (OK=8496   KO=0     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4221"
                            clear="none">
                              &gt; min response
                          time                                    511
                          (OK=511    KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4222"
                            clear="none">
                              &gt; max response
                          time                                  11191
                          (OK=11191  KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4223"
                            clear="none">
                              &gt; mean response
                          time                                  6832
                          (OK=6832   KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4224"
                            clear="none">
                              &gt; std
                          deviation                                      
                          2329 (OK=2329   KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4225"
                            clear="none">
                              &gt; response time 50th
                          percentile                       7194
                          (OK=7194   KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4226"
                            clear="none">
                              &gt; response time 75th
                          percentile                       8690
                          (OK=8690   KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4227"
                            clear="none">
                              &gt; mean
                          requests/sec                                
                          27.404 (OK=27.404 KO=-     )<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4228"
                            clear="none">
                              ---- Response Time Distribution
                          ------------------------------------------------<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4229" clear="none">
                              &gt; t &lt; 800
                          ms                                          
                          154 (  2%)<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4230"
                            clear="none">
                              &gt; 800 ms &lt; t &lt; 1200
                          ms                                  85 (  1%)<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4231" clear="none">
                              &gt; t &gt; 1200
                          ms                                        
                          8257 ( 97%)<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4232"
                            clear="none">
                              &gt;
                          failed                                                
                          0 (  0%)<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4233"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4234"
                            clear="none">
                          This is currently a show stopper for us and is
                          blocking our path to production.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4235"
                            clear="none">
                          Do you run similar tests and how can we help
                          you optimise the performance?<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4236"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4237"
                            clear="none">
                          Regards<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4238"
                            clear="none">
                          Tom.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4239"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4240"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4241"
                            clear="none">
                          Date: Wed, 8 Jun 2016 12:28:19 +0200<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4242"
                            clear="none">
                          From: Marek Posolda <a moz-do-not-send="true"
                            rel="nofollow" shape="rect"
                            class="yiv9564159418moz-txt-link-rfc2396E"
                            ymailto="mailto:mposolda@redhat.com"
                            target="_blank"
                            href="mailto:mposolda@redhat.com">&lt;mposolda@redhat.com&gt;</a><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4243" clear="none">
                          Subject: Re: [keycloak-user] Performance
                          issues with Federation<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4244"
                            clear="none">
                              provider enabled<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4245"
                            clear="none">
                          To: Fabricio Milone <a moz-do-not-send="true"
                            rel="nofollow" shape="rect"
                            class="yiv9564159418moz-txt-link-rfc2396E"
                            ymailto="mailto:fabricio.milone@shinetech.com"
                            target="_blank"
                            href="mailto:fabricio.milone@shinetech.com">&lt;fabricio.milone@shinetech.com&gt;</a>,   
                          keycloak-user<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4246"
                            clear="none">
                              <a moz-do-not-send="true" rel="nofollow"
                            shape="rect"
                            class="yiv9564159418moz-txt-link-rfc2396E"
                            ymailto="mailto:keycloak-user@lists.jboss.org"
                            target="_blank"
                            href="mailto:keycloak-user@lists.jboss.org">&lt;keycloak-user@lists.jboss.org&gt;</a><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4247" clear="none">
                          Message-ID: <a moz-do-not-send="true"
                            rel="nofollow" shape="rect"
                            class="yiv9564159418moz-txt-link-rfc2396E"
                            ymailto="mailto:5757F343.1040803@redhat.com"
                            target="_blank"
                            href="mailto:5757F343.1040803@redhat.com">&lt;5757F343.1040803@redhat.com&gt;</a><br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4248" clear="none">
                          Content-Type: text/plain;
                          charset="windows-1252"<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4249"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4250"
                            clear="none">
                          Hi,<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4251"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4252"
                            clear="none">
                          what's the keycloak version used? Could you
                          try latest keycloak and <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4253"
                            clear="none">
                          check if performance is still the issue?<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4254"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4255"
                            clear="none">
                          Marek<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4256"
                            clear="none">
                          <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4257"
                            clear="none">
                          On 08/06/16 01:30, Fabricio Milone wrote:<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4258"
                            clear="none">
                          &gt; Hi all,<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4259"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4260"
                            clear="none">
                          &gt; I sent this email yesterday with 5 or
                          more attachments, so I think it <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4261"
                            clear="none">
                          &gt; was blocked or something... here I go
                          again :)<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4262"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4263"
                            clear="none">
                          &gt; I've been running load tests on our
                          application during the last few <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4264"
                            clear="none">
                          &gt; weeks, and having some performance issues
                          when my custom federator is <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4265"
                            clear="none">
                          &gt; enabled.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4266"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4267"
                            clear="none">
                          &gt; The performance issue does not exist when
                          the federator is disabled.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4268"
                            clear="none">
                          &gt; *Configuration*:<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4269"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4270"
                            clear="none">
                          &gt; I have a cluster of 2 instances of
                          Keycloak, with a standalone DB, <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4271"
                            clear="none">
                          &gt; we've verified the DB isn't an issue when
                          the federator is disabled. <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4272"
                            clear="none">
                          &gt; Both instances have a quad core CPU and
                          they are in the same network. <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4273"
                            clear="none">
                          &gt; We?ve left the memory at 512MB. The test
                          script, database and API that <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4274"
                            clear="none">
                          &gt; connects to the federator are in separate
                          machines.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4275"
                            clear="none">
                          &gt; *Federator*:<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4276"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4277"
                            clear="none">
                          &gt; We have a simple custom federator that
                          makes calls to a very <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4278"
                            clear="none">
                          &gt; performant api, which has been tested and
                          is ok. Additionally, we've <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4279"
                            clear="none">
                          &gt; tested stubbing the API so the
                          performance is not a problem there. <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4280"
                            clear="none">
                          &gt; This federator is using a jaxb marshaller
                          to create a request, again <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4281"
                            clear="none">
                          &gt; tested in isolation and is performing
                          well.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4282"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4283"
                            clear="none">
                          &gt; As the federator is doing a lot of calls
                          to the API (3 per login <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4284"
                            clear="none">
                          &gt; request), I've implemented a httpclient
                          that uses a <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4285"
                            clear="none">
                          &gt; PoolingHttpClientConnectionManager with
                          1000 connections available to <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4286"
                            clear="none">
                          &gt; use, instead of using the standard apache
                          httpclient from http <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4287"
                            clear="none">
                          &gt; components. That hasn't improved a bit
                          the performance of the system.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4288"
                            clear="none">
                          &gt; *Tests*:<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4289"
                            clear="none">
                          &gt; It is a gatling scala script that could
                          generate around ~300 (or more) <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4290"
                            clear="none">
                          &gt; requests/second to the direct grants
                          login endpoint using random <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4291"
                            clear="none">
                          &gt; usernames from a list (all of them
                          already registered using KC). The <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4292"
                            clear="none">
                          &gt; script is doing a round robin across both
                          instances of Keycloak with <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4293"
                            clear="none">
                          &gt; an even distribution to each KC instance.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4294" clear="none">
                          &gt; The idea is simulate a load of 300 to
                          1500 concurrent users trying to <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4295"
                            clear="none">
                          &gt; login into our systems.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4296"
                            clear="none">
                          &gt; *Problem*:<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4297"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4298"
                            clear="none">
                          &gt; If I run the tests without using a
                          federation I can see a very good <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4299"
                            clear="none">
                          &gt; performance, but when I try to run the
                          tests with the custom <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4300"
                            clear="none">
                          &gt; federation code, the performance drops
                          from ~150 requests/second to 22 <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4301"
                            clear="none">
                          &gt; req/sec using both instances.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4302"
                            clear="none">
                          &gt; Memory wise, it seems to be ok. I've
                          never seen an error related to <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4303"
                            clear="none">
                          &gt; memory with this configuration, also if
                          you take a look at the <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4304"
                            clear="none">
                          &gt; attached visualVM screenshot you'll see
                          that memory is not a problem <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4305"
                            clear="none">
                          &gt; or it seems not to be.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4306"
                            clear="none">
                          &gt; CPU utilisation is very low to my mind,
                          I'd expect more than 80% of <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4307"
                            clear="none">
                          &gt; usage or something like that.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4308"
                            clear="none">
                          &gt; There is a method that is leading the CPU
                          samples on VisualVM called <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4309"
                            clear="none">
                          &gt; Semaphore.tryAcquire(). Not quite sure
                          what's that for, still <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4310"
                            clear="none">
                          &gt; investigating.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4311"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4312"
                            clear="none">
                          &gt; I can see that a lot of new threads are
                          being created when the test <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4313"
                            clear="none">
                          &gt; starts, as it creates around
                          60requests/second to the direct grants <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4314"
                            clear="none">
                          &gt; login call, but it seems to be a
                          bottleneck at some point.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4315"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4316"
                            clear="none">
                          &gt; So I'm wondering if there is some
                          configuration I'm missing on <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4317"
                            clear="none">
                          &gt; Keycloak side that could be affecting the
                          cluster performance when a <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4318"
                            clear="none">
                          &gt; federator is enabled. Maybe something
                          related to jpa connections, <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4319"
                            clear="none">
                          &gt; infinispan configuration or even wildfly.<br
id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4320" clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4321"
                            clear="none">
                          &gt; I'd really appreciate your help on this
                          one as I'm out of ideas.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4322"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4323"
                            clear="none">
                          &gt; I've attached some screenshots of
                          visualVM and tests results from my <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4324"
                            clear="none">
                          &gt; last run today.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4325"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4326"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4327"
                            clear="none">
                          &gt; Sorry for the long email and please let
                          me know if you need further <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4328"
                            clear="none">
                          &gt; information.<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4329"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4330"
                            clear="none">
                          &gt; Thank you in advance,<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4331"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4332"
                            clear="none">
                          &gt; Regards,<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4333"
                            clear="none">
                          &gt; Fab<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4334"
                            clear="none">
                          &gt;<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4335"
                            clear="none">
                          &gt; -- <br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4336"
                            clear="none">
                          &gt; *Fabricio Milone*<br
                            id="yiv9564159418yui_3_16_0_ym19_1_1465797102861_4337"
                            clear="none">
                          <div dir="ltr">&gt; Developer</div>
                        </div>
                      </div>
                      <br clear="none">
                      <fieldset
                        class="yiv9564159418mimeAttachmentHeader"></fieldset>
                      <br clear="none">
                      <pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv9564159418moz-txt-link-abbreviated" ymailto="mailto:keycloak-user@lists.jboss.org" target="_blank" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" rel="nofollow" shape="rect" class="yiv9564159418moz-txt-link-freetext" target="_blank" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
                    </blockquote>
                    <br clear="none">
                  </div>
                </div>
                <br>
                <br>
              </div>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
    </blockquote>
    <br>
  </body>
</html>