[keycloak-user] Guidelines Load- / Stress-Testing Keycloak

Hello group, has anyone already stress tested a Keycloak deployment? The Keycloak Testsuite contains a rudimentary stress test for login/logout [0], but we were wondering whether someone has already done more thorough testing here that they are willing to share. We're looking into stress testing Keycloak with gatling [1] to get a sense for when Keycloak falls over and some information about JVM memory requirements during high load. Furthermore, are there any suggestions for use-cases that should be tested in particular, e.g.: - Simple Page Invocations (Unauthenticated, Authenticated) - Login - Logout - Registration - Account Page - Complex flows - Login, goto account page, Logout - Login, goto account page, change password, Logout, Login with new password - Service Requests - Aquire Refresh Token - Aquire Access Token Are there any (knwon) potentially expensive operations that are not obvious that should be tested in particular? (in simulating a real-world load with high user counts, for example, are there any particularly expensive operations where a high user count would noticeably impact performance?) What is the best way to initialize Keycloak (e.g. backed by a PostgreSQL database) with varying (arbitrarily large) numbers of users, in order to get realistic performance numbers? Given that creating XX,000 users via the REST API might take some time, is it enough to simply generate 10,000 * X records in the UserEntity table? Cheers, Thomas [0] https://github.com/keycloak/keycloak/tree/master/testsuite/stress [1] http://gatling.io/