<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Again, are you just talking about the Admin Console? Please list
exactly what actions load thousands of users. <br>
</p>
<p>* In the admin console Users page, if you search for a user, LDAP
will be queried once by username, email, or first+last name
depending on the format of the search string.</p>
<p>* View All Users will *NOT* query LDAP. It will only show
imported users aka users that have already been imported from LDAP.</p>
<p>I'm not sure about the new Authorization stuff. Is this what you
mean by the Evaluation screen or in the User based Policy? <br>
</p>
<br>
<div class="moz-cite-prefix">On 8/4/16 10:05 AM, Ushanas Shastri
wrote:<br>
</div>
<blockquote
cite="mid:878f8a83ecc74a5e92a1323833ed56c1@vitblrex2013.viteos.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">Not just when I
manage Users.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Even in the
Evaluation screen or in the User based Policy (any place we
show a list of users), on page load, all users are fetched.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Even if users
have to be queried from all providers, shouldn’t we wait for
the user to enter a search criteria, and only then query
based on that search criteria? At the moment, if I have a
1000 users in AD, on each page load 1000 users are fetched
from AD, without even me attempting a search.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Regards,
Ushanas.<o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext">
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user-bounces@lists.jboss.org">keycloak-user-bounces@lists.jboss.org</a>
[<a class="moz-txt-link-freetext" href="mailto:keycloak-user-bounces@lists.jboss.org">mailto:keycloak-user-bounces@lists.jboss.org</a>]
<b>On Behalf Of </b>Bill Burke<br>
<b>Sent:</b> Thursday, August 04, 2016 6:50 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<b>Subject:</b> Re: [keycloak-user] Keycloak goes to AD
to fetch users every page load, does not use local
store.<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>You mean when you manage the users from the Admin Console?
The searchbox is meant to be a general pattern and is
equivalent to a LIKE clause in RDBMS. So this means all
providers must be queried.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 8/4/16 7:54 AM, Ushanas Shastri wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F4E79">Hello,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F4E79"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F4E79">We have
Keycloak setup with SQL Server as a persistent store, and
we have User Federation enabled with Microsoft Active
Directory.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F4E79"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F4E79">Why does
Keycloak go back to querying AD on every page load
(Manage-> Users or the Evaluate tab in Authorization)?
Should it not get a list of users from the local SQL store
only?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F4E79"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F4E79">I’m seeing
that on the page load, Keycloak gets a list of all users
from AD. Considering we have a large number of users, this
is time consuming. Don’t know if it matters, but we do
have an AD filter.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F4E79"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F4E79">Regards,
Ushanas.</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt">Viteos
Fund Services Ltd |
</span></b><a moz-do-not-send="true"
href="http://www.viteosfundservices.com/" target="_blank"><span
style="font-size:10.0pt;color:blue">www.viteos.com</span></a><o:p></o:p></p>
</blockquote>
</div>
</blockquote>
<br>
</body>
</html>