Hi,
I'm interested in this question. For legacy reasons, I have to maintain the
basic auth possibility. And I noticed the huge amount of sessions too.
For the cache it's in the user federation. You may want to adjust the cache
policy (although it will be dependent on the implementation you use). I
know that keycloak caches the users but I'm not sure about the password
check.
Best regards,
Gaetan
On Mon, 21 Aug 2017 at 21:59, Amat, Juan (Nokia - US) <juan.amat(a)nokia.com>
wrote:
Hello,
As we need to support some legacy applications we are enabling basic auth
in the wildfly adapter of our REST oidc clients.
What I have noticed is that for every REST call, a 'session' is created on
the keycloak server.
Is there a way to not create this session?
We do have perf tests that will call those REST apis a lot and I am
concerned that we will use memory for nothing.
Another concern is that during those perf tests we noticed that the
keycloak server was using a lot of CPU.
A large part of it was used checking the password (the same user was used
for all those calls).
For legacy reasons we cannot ask the caller to first get a token and use it
for subsequent calls.
So I am wondering if there is a way to configure some 'authentication
cache'.
(I guess that I am asking for something like the
JBossCachedAuthenticationManager for those who know JBoss EAP/Wildfly).
In fact I would not even care about the token either and just an OK/NOK from
the keycloak server would be needed.
This is probably too much to ask and I could do all this from my end.
But then to support new clients that are OAuth aware I would need to
replicate what the adapter is doing.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user