<div dir="ltr">Hi,<div><br></div><div>You can relatively easily try though by adding an eviction policy to the realmVersions cache. I found that with roughly a million users there would be around 500Mb of memory consumed, which will run you into issues with the default settings if you have that many users login over a space of a day and a half.</div><div><br></div><div>Empty page could be due to timeout. Is there any errors in the logs? What is the status code returned with the empty page?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 8 July 2016 at 10:40, Valerij Timofeev <span dir="ltr"><<a href="mailto:valerij.timofeev@gmail.com" target="_blank">valerij.timofeev@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div><div><div><div><div><div>Hi Stian,<br><br></div>You are the assignee in <a href="https://issues.jboss.org/browse/KEYCLOAK-3202" rel="12635573" target="_blank">KEYCLOAK-3202</a>, so I addressed this email to you directly.<br><br></div>I guess that this issue could be the cause of trouble in our production environment.<br><br>There are 4 EAP-6 nodes with Keycloak adapters and 2 Keycloak 1.9.4 standalone servers running in 2 clusters respectively.<br><br></div>We experience logout failures approximately after one and a half days of operation. <br>Restarting EAP 6 nodes temporary resolves the logout problem.<br><br></div>Durable load tests in out test environment showed that login and logout of existing users don't result in above behaviour.<br></div>We added to the durable load test additional scenario creating new users and were able to reproduce logout failure: users are getting empty page and not the login screen as expected. Page reload navigates back into the protected web application .<br><br></div>Logout is accomplished in a Java web applictaion by calling OIDC logout endpoint:<br><br><i>FacesContext<br> .getCurrentInstance()<br> .getExternalContext()<br> .redirect(keycloakDeployment.getLogoutUrl().queryParam("redirect_uri", redirectURL).toTemplate());<br></i></div><br>Logout is initiated via h:commandLink, so I suppose that the OIDC logout endpoint is called via the GET method. Should we use the POST method instead?<br></div><br>Has servlet logout any advantages?<br><br><i>((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest()).logout();<br><br></i></div>I'd appreciate quick response<i>, </i>because restarting production EAP cluster every day is not a pleasant option ;-)<span lang="en"><span><br><br></span></span></div><span lang="en"><span>Thank you in advance<br><br></span></span></div><span lang="en"><span>Kind regards<span class="HOEnZb"><font color="#888888"><br></font></span></span></span></div><span class="HOEnZb"><font color="#888888"><span lang="en"><span>Valerij Timofeev<br></span></span></font></span></div>
</blockquote></div><br></div>