9 a.m.
Each grant type is processed in different branches of Token Endpoint thus they might (and
very likely will) have different performance.
Its well known that enabling fine grained access control generates extra load as these
permissions needs to be read somehow.
Kind regards,
Łukasz
--
Code-House
http://code-house.org <http://code-house.org/>
On 27 May 2019, at 15:54, Pedro Igor Silva <psilva(a)redhat.com>
wrote:
Hi,
The resource set is the same in both scenarios as they are related to
api-server. The same goes for permissions and policies.
I don't know what may be causing this difference, but maybe you can find a
clue when running the evaluation tool to compare how evaluation is
performed in both situations.
On Sat, May 25, 2019 at 1:12 PM Corentin Dupont <corentin.dupont(a)gmail.com>
wrote:
> Hi guys,
> I noticed that if I request permissions with one client, it is faster than
> with another one.
> For instance:
>
> TOKEN=`curl -X POST -H "Content-Type: application/x-www-form-urlencoded"
> -d
>
'username=cdupont&password=xxx&grant_type=password&*client_id=api-server*&client_secret=4e9dcb80-efcd-484c-b3d7-1e95a0096ac0'
> "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token" |
> jq .access_token -r`
> time curl -X POST
> http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token -H
> "Authorization: Bearer $TOKEN" -d
>
>
"grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=#devices:view&response_mode=permissions"
> *real 0m0,196s*
> user 0m0,000s
> sys 0m0,006s
>
> TOKEN=`curl -X POST -H "Content-Type: application/x-www-form-urlencoded"
> -d
>
'username=cdupont&password=xxx&grant_type=password&*client_id=dashboard*'
> "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token" |
> jq .access_token -r`
> time curl -X POST
> http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token -H
> "Authorization: Bearer $TOKEN" -d
>
>
"grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=#devices:view&response_mode=permissions"
> *real 0m2,142s*
> user 0m0,006s
> sys 0m0,006s
>
> The only difference between the two commands is the client (highlighted in
> red). With the second client, it takes 2 seconds more consistently.
> Any idea? I might be a cache problem...
> Cheers
> Corentin
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user