Hi Cesar,
Regarding the performance issues found in the mailing list thread you
referred to, I submitted 5 PRs. 3 have been merged and 2 are still pending
review.
for
more details on the changes.
We are still running on a custom build of Keycloak with all those changes
applied and at the moment it supports our administrative load with over
1000 realms. Restart/use of the admin API/access to the admin console are
now fast enough not to generate complaints from our operators. Most of the
issues with the large number of realms were related to the use of
NamedQueries (generates too many flush() within Hibernate) and the very
large number of child roles on the super admin composite role.
Upgrades are still considered problematic for us. I found other performance
issues within the Java based data migration code, mostly related to
explicit em.flush() statements, but I haven't dug into them.
I hope it helps,
Gabriel
2017-04-13 4:19 GMT-04:00 Mailing lists <lists(a)m3b.net>:
From the thread you linked to it looks like someone already laid out some
ideas where optimization could work. (Appears to be something with loading
realms, caching, and flushing).
Furthermore, it would seem that a slow startup phase is (or should be) an
infrequent event. As well as administration. These are not show-stoppers
for me.
If anything, perhaps a better work-around would be to architect a
deployment where keycloak lives closer to the tenant application instances.
Simply treat the keycloak as a microservice that is bundled with your apps,
and have it automated to a point where it is more "code as configuration"
rather than manually logging into keycloak and clicking around?
________________________________
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces@lists.jboss.org> on behalf of Cesar Salazar <csalazar(a)devsu.com>
Sent: Wednesday, April 12, 2017 6:39:44 PM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] Multi tenancy with realms
Hi. I'm looking to use keycloak for a SaaS service, using realms for
multi-tenancy. There's a discussion on a previous thread about performance
issues when there are lots of realms:
http://lists.jboss.org/pipermail/keycloak-user/2016-October/008061.html
I wanted to ask if there is some work done in that direction. If not, where
can I start looking at so I can contribute?
Also, I was wondering what would be the implications of using a custom user
attribute to "emulate" multi-tenancy. (I would add a custom attribute, and
make my microservices validate against it). I know it's not the ideal way,
but would it be possible? Do you know of any considerations I should take
into account?
Thanks!
--
*Cesar Salazar*
CTO - DEVSU |
www.devsu.com<http://www.devsu.com>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user