8:19 p.m.
Hi,
We are using Keycloak 1.7 for multi tenant environment where each tenant is a realm.
We have a cluster of 4 Keycloak servers and we see severe performance degradation when we
are using about 200 Realms with 200 users each.
Is that the expected behavior of Keycloak?
Are there known issues with such an amount of realms in Keycloak 1.7?
What should we do to be able to work with much more realms (we need about 2000)?
Thanks,
Raanan
12:47 a.m.
Hi Raanan,
we've hit many issues on our side with a large number of realms and
took some time to study and fix them. I suggest you to have a look at this
thread in the dev ML:
http://lists.jboss.org/pipermail/keycloak-dev/2016-November/008439.html
I have 5 pull requests that were submitted, 2 merged and 3 still pending
for the 3.x release. For now, we're running an in-house Keycloak build with
those fixes.
There could still be some areas that are not covered by my pull requests
that we haven't hit yet.
Gabriel
2016-12-07 14:19 GMT-05:00 Raanan Gonen <Raanan.Gonen(a)nice.com>:
Hi,
We are using Keycloak 1.7 for multi tenant environment where each tenant
is a realm.
We have a cluster of 4 Keycloak servers and we see severe performance
degradation when we are using about 200 Realms with 200 users each.
Is that the expected behavior of Keycloak?
Are there known issues with such an amount of realms in Keycloak 1.7?
What should we do to be able to work with much more realms (we need about
2000)?
Thanks,
Raanan
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Gabriel Lavoie
glavoie(a)gmail.com
12:45 p.m.
Thank you Gabriel for the detailed response!
May I ask how many KC servers are using for the 500-600 tenants setup?
Regards,
Raanan
From: Gabriel Lavoie [mailto:glavoie@gmail.com]
Sent: יום ה, 08 דצמבר 2016 01:48
To: Raanan Gonen <Raanan.Gonen(a)nice.com>
Cc: keycloak-user(a)lists.jboss.org; Vadim Ilyasov <Vadim.Ilyasov(a)nice.com>; Itay
Even-Hen <Itay.Even-Hen(a)nice.com>; Yuvraj Sawant <Yuvraj.Sawant(a)nice.com>
Subject: Re: [keycloak-user] Multi Tenant Keycloak Scale
Hi Raanan,
we've hit many issues on our side with a large number of realms and took some
time to study and fix them. I suggest you to have a look at this thread in the dev ML:
http://lists.jboss.org/pipermail/keycloak-dev/2016-November/008439.html
I have 5 pull requests that were submitted, 2 merged and 3 still pending for the 3.x
release. For now, we're running an in-house Keycloak build with those fixes.
There could still be some areas that are not covered by my pull requests that we
haven't hit yet.
Gabriel
2016-12-07 14:19 GMT-05:00 Raanan Gonen
<Raanan.Gonen@nice.com<mailto:Raanan.Gonen@nice.com>>:
Hi,
We are using Keycloak 1.7 for multi tenant environment where each tenant is a realm.
We have a cluster of 4 Keycloak servers and we see severe performance degradation when we
are using about 200 Realms with 200 users each.
Is that the expected behavior of Keycloak?
Are there known issues with such an amount of realms in Keycloak 1.7?
What should we do to be able to work with much more realms (we need about 2000)?
Thanks,
Raanan
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Gabriel Lavoie
glavoie@gmail.com<mailto:glavoie@gmail.com>
2:06 p.m.
Hi Raanan,
we only have two nodes, but our authentication scenarios are currently
limited. Most of our issues were with admin login (large number of
sub-roles in the composite admin role), administration (slow realm
creation) and node restart with that number of realms.
In what cases are you experiencing the issues?
Do you have a lot of roles/composite roles in your realms?
Also, regarding an upgrade to 2.4.0. Some of the upgrade code is not
Liquibase, but Java code working with the model to migrate data. With 500
realms I had a very difficult time to upgrade to 2.4.0 without hacking the
code (peformance fixes I've submitted) and configuration. Other than the
code fixes, Keycloak recently started to use JTA to manage the transactions
which added a transaction timeout variable which is at 4 or 5 minutes by
default I think. There is also the WildFly startup timeout that I've hit. I
had to increase both to 2 hours to be able to upgrade without the code
fixes. Much lower with the code fixes, but I don't have a specific time in
mind as I haven't re-tested this recently.
Gabriel
2016-12-08 6:45 GMT-05:00 Raanan Gonen <Raanan.Gonen(a)nice.com>:
Thank you Gabriel for the detailed response!
May I ask how many KC servers are using for the 500-600 tenants setup?
Regards,
Raanan
*From:* Gabriel Lavoie [mailto:glavoie@gmail.com]
*Sent:* יום ה, 08 דצמבר 2016 01:48
*To:* Raanan Gonen <Raanan.Gonen(a)nice.com>
*Cc:* keycloak-user(a)lists.jboss.org; Vadim Ilyasov <Vadim.Ilyasov(a)nice.com>;
Itay Even-Hen <Itay.Even-Hen(a)nice.com>; Yuvraj Sawant <
Yuvraj.Sawant(a)nice.com>
*Subject:* Re: [keycloak-user] Multi Tenant Keycloak Scale
Hi Raanan,
we've hit many issues on our side with a large number of realms and
took some time to study and fix them. I suggest you to have a look at this
thread in the dev ML:
http://lists.jboss.org/pipermail/keycloak-dev/2016-November/008439.html
I have 5 pull requests that were submitted, 2 merged and 3 still pending
for the 3.x release. For now, we're running an in-house Keycloak build with
those fixes.
There could still be some areas that are not covered by my pull requests
that we haven't hit yet.
Gabriel
2016-12-07 14:19 GMT-05:00 Raanan Gonen <Raanan.Gonen(a)nice.com>:
Hi,
We are using Keycloak 1.7 for multi tenant environment where each tenant
is a realm.
We have a cluster of 4 Keycloak servers and we see severe performance
degradation when we are using about 200 Realms with 200 users each.
Is that the expected behavior of Keycloak?
Are there known issues with such an amount of realms in Keycloak 1.7?
What should we do to be able to work with much more realms (we need about
2000)?
Thanks,
Raanan
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Gabriel Lavoie
glavoie(a)gmail.com
--
Gabriel Lavoie
glavoie(a)gmail.com
2:47 a.m.
Does the same happens with the latest release 2.4.0?
On Wed, Dec 7, 2016 at 5:19 PM, Raanan Gonen <Raanan.Gonen(a)nice.com> wrote:
Hi,
We are using Keycloak 1.7 for multi tenant environment where each tenant is a realm.
We have a cluster of 4 Keycloak servers and we see severe performance degradation when we
are using about 200 Realms with 200 users each.
Is that the expected behavior of Keycloak?
Are there known issues with such an amount of realms in Keycloak 1.7?
What should we do to be able to work with much more realms (we need about 2000)?
Thanks,
Raanan
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
- abstractj
12:42 p.m.
We will have to check this.
Unfortunately, our performance system has KC 1.7
-----Original Message-----
From: Bruno Oliveira [mailto:bruno@abstractj.org]
Sent: יום ה, 08 דצמבר 2016 03:47
To: Raanan Gonen <Raanan.Gonen(a)nice.com>
Cc: keycloak-user(a)lists.jboss.org; Vadim Ilyasov <Vadim.Ilyasov(a)nice.com>; Itay
Even-Hen <Itay.Even-Hen(a)nice.com>; Yuvraj Sawant <Yuvraj.Sawant(a)nice.com>
Subject: Re: [keycloak-user] Multi Tenant Keycloak Scale
Does the same happens with the latest release 2.4.0?
On Wed, Dec 7, 2016 at 5:19 PM, Raanan Gonen <Raanan.Gonen(a)nice.com> wrote:
Hi,
We are using Keycloak 1.7 for multi tenant environment where each tenant is a realm.
We have a cluster of 4 Keycloak servers and we see severe performance degradation when we
are using about 200 Realms with 200 users each.
Is that the expected behavior of Keycloak?
Are there known issues with such an amount of realms in Keycloak 1.7?
What should we do to be able to work with much more realms (we need about 2000)?
Thanks,
Raanan
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
- abstractj
2718
days inactive
2719
days old
5 comments
3 participants
participants (3)
-
Bruno Oliveira -
Gabriel Lavoie -
Raanan Gonen