Keycloak simply doesn't scale well with regards to large number of realms
today and it's not something we currently support.
That's just one of several issues around large number of realms that have
to be resolved. Another example is upgrading the server with 1700 realms is
also going to be painful.
At the moment we are not able to priorities this though. We are planning to
resolve it, but it will be quite some time until we do.
For the particular issue you've mentioned the work-around is to remove the
realm roles from the admin composite in master realm. That will work, but
you will only be able to login and manage realms individually.
On Thu, 4 Oct 2018 at 18:07, Gideon Caranzo <gideonray(a)gmail.com> wrote:
Hi,
I'm encountering slow api calls after reaching 1700 realms. I profiled it
and found that role checking is causing the issue particularly
*KeycloakModelUtils.searchFor(RoleModel
role, RoleModel composite, Set<String> visited)*.
I'm using a user with "admin" role to call get realm API. And since i have
1700 realms, "admin" role now have about 30K composite roles under it. The
line below from KeycloakModelUtils.searchFor() will load all 30K composite
roles causing the slow down.
*Set<RoleModel> compositeRoles = composite.getComposites();*
Is there a way to avoid this issue? Or is it possible to fix the code such
that it will do a database query instead of searching in memory to check if
the role exist?
Best regards,
Gideon
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev