Hi
We are using the JBoss Fuse Keycloak adapter 2.5.5-final-redhat.

We observed that at each authorization request the adapter creates sessions
on the Keycloak Server which are not released. As a result, the number of
sessions is ever increasing, impacting performance on the Keycloak Server.

Looking at the code, we saw that in many cases the authorization flow
requests a token from the Keycloak Server, but eventually it does not call
logout, nor does it cache the token in the deployment so that it does not
have to call again.

For example: KeycloakAdapterPolicyEnforcer::requestAuthorizationToken.
If the configuration is User-Managed Access, it will create a token with this
statement:

    authzClient.protection().permission().forResource(permissionRequest);

At the end, it will not call logout and the session will remain in the SSO
Server Cache.
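One way to cache a token per deployment so that repeated authorization requests do not each trigger a new token request, shown as an added example that is not part of the original post and is not the Keycloak adapter's code. `CachedTokenSource`, `Token` and the `fetcher` supplier are hypothetical names; the supplier stands in for the real token request, and the example assumes a token may be reused until shortly before it expires.

```java
import java.time.Clock;
import java.time.Instant;
import java.util.function.Supplier;

/** Caches one token and reuses it until shortly before it expires. */
public final class CachedTokenSource {
    /** Hypothetical value type: the raw token plus its absolute expiry time. */
    public static final class Token {
        final String value;
        final Instant expiresAt;
        public Token(String value, Instant expiresAt) {
            this.value = value;
            this.expiresAt = expiresAt;
        }
    }

    private final Supplier<Token> fetcher; // hypothetical: performs the real token request
    private final Clock clock;
    private final long skewSeconds;        // refresh this long before expiry
    private Token cached;
    private int fetchCount;

    public CachedTokenSource(Supplier<Token> fetcher, Clock clock, long skewSeconds) {
        this.fetcher = fetcher;
        this.clock = clock;
        this.skewSeconds = skewSeconds;
    }

    /** Returns the cached token, fetching a new one only when none is usable. */
    public synchronized String get() {
        Instant now = clock.instant();
        if (cached == null || !now.plusSeconds(skewSeconds).isBefore(cached.expiresAt)) {
            cached = fetcher.get(); // the only place a server round trip happens
            fetchCount++;
        }
        return cached.value;
    }

    public synchronized int fetchCount() { return fetchCount; }

    public static void main(String[] args) {
        // Constructed demo: every fetch stands for one session created on the server.
        Clock clock = Clock.systemUTC();
        CachedTokenSource source = new CachedTokenSource(
            () -> new Token("constructed-token", clock.instant().plusSeconds(300)), clock, 30);
        for (int i = 0; i < 1000; i++) source.get();
        System.out.println("authorization requests: 1000, token requests: " + source.fetchCount());
    }
}
```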