Re: [keycloak-user] Shared datastore?

My requirements are the following: store tokens emitted by KC during one year. I don't know how many users there are, but here are the number I get: * the number of connections a week is about 700k. * the number of session refresh a week is about 200k. I approximated around 1M of sessions a week, thus 52M a year. In memory, a user session has been estimated around 4KB (about 1KB in file/DB). But I guess a refresh does not create another session isn't it? And maybe it's possible to ask KC to delete previous emitted tokens when a new one is created for a same user?

If yes, my estimation is probably a little bit too high here, but I certainly have several millions of tokens to keep (and maybe dozens of millions). Thanks --nick Le mer. 7 nov. 2018 à 18:17, Nicolas Ocquidant <nocquidant(a)gmail.com&gt; a écrit : > Hi, > > According to Infinispan, when passivation is disabled, every update to the > cache should always write to the store. > > But I can't manage to get it work with Keycloak. If I disable passivation, > my SQL store (Postgres) stays empty, even if the cache is full. > > So, if passivation is needed for Keycloak to write to the DB, it means > that the use of a shared DB is not possible... > > But this leads to another issue for me. Enable passivation without a > shared DB seems to imply that either 'fetch-state' or 'purge' should be > enabled on startup, in order for the cache to not contain stale entries. > > 15:27:44,626 WARN > [org.infinispan.configuration.cache.AbstractStoreConfigurationBuilder] (MSC > service thread 1-6) ISPN000149: Fetch persistent state and purge on startup > are both disabled, cache may contain stale entries on startup > > As I need to keep millions of sessions, this will considerably slow down > the startup of my node (when started again after a crash for instance). > > So, is shared datastore allowed in Keycloak? If yes, how to enable it? > Otherwise what other options do I have to improve my startup time, if > millions of sessions are in the store? > > Thanks > --nick > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user