Hi,
I am surprised to see you having to consider that many sessions with a
session lifespan of about 8 months.
All the sessions are piling up, and at the end, as you mention, you can
end up with about 1 million sessions with scalability issues.
I am wondering if you don't have a design issue.
A normal session is 10 h, and session idle timeout is about 30 min.
Keycloak provides offline tokens that can last 30 days, but this could be
extended to much more (8 months to a year).
Offline token handling will allow your application to generate new
access tokens (very short lifespan), without having the need to
reauthenticate.
I guess it should fulfill your needs.
See also:
http://www.janua.fr/examples-of-offline-token-usage-in-keycloak/
http://www.janua.fr/understanding-token-usage-in-keycloak/
Regards,
Olivier Rivat
On 03/05/2019 at 19:53, Dev Doongoor wrote:
Hello,
I am looking for help regarding having Keycloak accommodate roughly a
million, long-lived sessions.
My setup: I have an externalized infinispan cluster which houses the
clientSessions and sessions caches, and I am using Keycloak 4.8.0.
The infinispan cluster can hold that many entries in each cache, however it
seems Keycloak itself struggles with this.
When I restart Keycloak (for whatever reason), it seems to attempt to load
all sessions from infinispan into memory, which to me seems
counterintuitive to using an externalized cache system.
Unless I give Keycloak enough RAM to handle 1 million or so sessions, it
seems like I would have to clear all session data in order for the
application to start up again.
Also, session lifetime is expected to be 8 months to a year.
My standalone-ha.xml for cache configuration looks like this:
<replicated-cache name="sessions" statistics-enabled="true">
    <state-transfer timeout="600000" />
    <object-memory size="400000" />
    <remote-store remote-servers="infinispan-socket"
                  passivation="false" cache="sessions"
                  shared="true" purge="false" preload="false">
        <property name="rawValues">true</property>
        <property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
    </remote-store>
</replicated-cache>
<replicated-cache name="clientSessions" statistics-enabled="true">
    <state-transfer timeout="600000" />
    <object-memory size="400000" />
    <remote-store remote-servers="infinispan-socket"
                  cache="clientSessions"
                  passivation="false" shared="true" purge="false"
                  preload="false">
        <property name="rawValues">true</property>
        <property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
    </remote-store>
</replicated-cache>
Is this correct? Is there a more efficient way to handle this?
Thanks in advance,
DKD
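The offline-token approach suggested in the reply above, sketched from the client side as an added example (not code from this thread or from the Keycloak project): the login asks for the `offline_access` scope, and the stored offline token is later exchanged for short-lived access tokens through the standard refresh grant. The host, realm `demo`, client `long-lived-app`, the `/auth` context path and a public client without a secret are assumptions, and the sample tokens are constructed.

```python
import base64
import json
import urllib.parse
import urllib.request

# Hypothetical deployment values (host, realm, client), for this example only.
BASE = "https://sso.example.test/auth/realms/demo/protocol/openid-connect"
CLIENT_ID = "long-lived-app"


def authorization_url(redirect_uri):
    """Login URL that asks for an offline token via the offline_access scope."""
    query = urllib.parse.urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": "openid offline_access",
        "redirect_uri": redirect_uri,
    })
    return f"{BASE}/auth?{query}"


def refresh_request(offline_token):
    """POST that trades the stored offline token for a fresh access token."""
    body = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": CLIENT_ID,
        "refresh_token": offline_token,
    }).encode()
    return urllib.request.Request(f"{BASE}/token", data=body, method="POST")


def token_type(jwt):
    """Read the unverified 'typ' claim; for local inspection only."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("typ")


def _constructed_jwt(claims):
    """Build a sample token with a placeholder signature so this runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"


# Constructed samples: Keycloak marks offline tokens with typ "Offline".
SAMPLE_OFFLINE = _constructed_jwt({"typ": "Offline", "scope": "openid offline_access"})
SAMPLE_REFRESH = _constructed_jwt({"typ": "Refresh", "scope": "openid"})
```

The offline token is a long-lived credential, so it belongs in the application's secret storage; revoking it in Keycloak stops the client from obtaining new access tokens.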