Re: [keycloak-user] Authorization services performance
On Wed, Aug 22, 2018 at 8:38 AM, Ori Doolman <Ori.Doolman(a)amdocs.com> wrote:
Hi,
We are using Policy Enforcer in Java client (JBOSS FUSE) to send the
permission ticket to Keycloak PDP for evaluating a pre-configured
Javascript policy rule.
We are using Keycloak version 2.5.5.
Is that evaluation in Keycloak PDP occur in-memory, or does it perform a
DB access each time?
If cache is warm, it should not happen any database hits. We cache not only
entities (resources, policies, etc) but also specific queries that are
executed during evaluation.
In latest version, 4.3.0.Final, we delivered quite a few performance
improvements to the evaluation engine like removal of redundant code and
refactoring to optimize execution and decision cache on a per authorization
request basis. We are still working on some other improvements as this is
one of our main goals for future releases.
I would recommend you to try latest version. There are other improvements
too that I think you may benefit. Things like being able to define response
format (if just a decision, list of granted permissions or standard oauth2
response), limit the number of permissions that the server should process,
pushed claims (with or without permission tickets), additional methods to
the evaluation api, etc.
Thanks,
Ori Doolman
Lead Software Architect
Amdocs Optima
+972 9 778 6914 (office)
+972 50 9111442 (mobile)
[cid:image001.png@01D2C8DE.BFF33E10]
“Amdocs’ email platform is based on a third-party, worldwide, cloud-based
system. Any emails sent to Amdocs will be processed and stored using such
system and are accessible by third party providers of such system on a
limited basis. Your sending of emails to Amdocs evidences your consent to
the use of such system and such processing, storing and access”.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user