Hi Daniel,
On 2018-03-26 10:03, Hammarberg, Daniel wrote:
In our currently running project, we are moving to Keycloak as SSO
for a few sites with about 180000 active users, a large hierarchy of groups and peaks with
thousands of calls per second. We are starting to get a feeling that Keycloak cannot
handle such a large amount of data and traffic. Is there any documentation anywhere on
server sizing and expected performance for large sites? Has anyone run peak tests and
endurance tests on Keycloak and in that case, what was the outcome? Does anyone have
experience in using Keycloak for sites of this size?
just to give you a rough idea:
We are running performance tests against
a small Keycloak cluster (two machines with 24 CPU cores and 12 GB RAM
each). We simulate OIDC and SAML login flows using JMeter. These tests
use five million test users (but there are no groups).
In this scenario we achieve about 400 Logins per second or 12000
requests to the userinfo endpoint per second.
We found that login performance varies greatly with the number of PBKDF2
hashing iterations used (Keycloak uses 27500 by default).
Best regards,
Marian