Is there a difference in the number of permissions/resources granted on
each run?
Maybe, permissions are being run twice when using dashboard. Still not
clear to me why. I would need to reproduce this behavior somehow.
Is there any client mapper associated with dashboard that is not set to
api-server ?
On Mon, May 27, 2019 at 11:26 AM Corentin Dupont <corentin.dupont(a)gmail.com>
wrote:
Hi Pedro and Luke,
I tried with the "evaluate" tab in the UI.
Just by changing the client in the evaluate tab (first dropbox), I obtain
significant performance changes:
- with "api-server" client: 2.5 seconds.
- with "dashboard" client: 5 seconds.
With the API, the difference is even more significant (200ms vs 2s)
Note that the resources belong to "api-server". So it might be some
communication delay between the clients as suggested by Luke (if I
understood correctly)?
On Mon, May 27, 2019 at 3:54 PM Pedro Igor Silva <psilva(a)redhat.com>
wrote:
> Hi,
>
> The resource set is the same in both scenarios as they are related to
> api-server. The same goes for permissions and policies.
>
> I don't know what may be causing this difference, but maybe you can find
> a clue when running the evaluation tool to compare how evaluation is
> performed in both situations.
>
> On Sat, May 25, 2019 at 1:12 PM Corentin Dupont <
> corentin.dupont(a)gmail.com> wrote:
>
>> Hi guys,
>> I noticed that if I request permissions with one client, it is faster
>> than
>> with another one.
>> For instance:
>>
>> TOKEN=`curl -X POST -H "Content-Type:
application/x-www-form-urlencoded"
>> -d
>>
'username=cdupont&password=xxx&grant_type=password&*client_id=api-server*&client_secret=4e9dcb80-efcd-484c-b3d7-1e95a0096ac0'
>>
"http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token"
>> |
>> jq .access_token -r`
>> time curl -X POST
>>
http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token
>> -H
>> "Authorization: Bearer $TOKEN" -d
>>
>>
"grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=#devices:view&response_mode=permissions"
>> *real 0m0,196s*
>> user 0m0,000s
>> sys 0m0,006s
>>
>> TOKEN=`curl -X POST -H "Content-Type:
application/x-www-form-urlencoded"
>> -d
>>
'username=cdupont&password=xxx&grant_type=password&*client_id=dashboard*'
>>
"http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token"
>> |
>> jq .access_token -r`
>> time curl -X POST
>>
http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token
>> -H
>> "Authorization: Bearer $TOKEN" -d
>>
>>
"grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=#devices:view&response_mode=permissions"
>> *real 0m2,142s*
>> user 0m0,006s
>> sys 0m0,006s
>>
>> The only difference between the two commands is the client (highlighted
>> in
>> red). With the second client, it takes 2 seconds more consistently.
>> Any idea? I might be a cache problem...
>> Cheers
>> Corentin
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>