We have some further improvements coming in 1.9.1 which is due to be
released today. Please test with that and let us know if you still have
issues.
On 8 March 2016 at 14:57, Malmi Samarasinghe <malmi.suh(a)gmail.com> wrote:
Hi All,
We have upgraded the keycloak version to 1.9.0.
I just carried out a load test on our identity server and it seems to have
reduced the failures to a great extent.
However, when I execute 50 threads per second, there are some intermittent
failures (2-3 failures for 50 threads). I further noticed that the
frequency is higher for realm roles than for client roles.
Regards,
Malmi
On Sat, Feb 6, 2016 at 8:33 AM, Malmi Samarasinghe <malmi.suh(a)gmail.com>
wrote:
> Many Thanks to your assistance regarding the issue.
>
> On Fri, Feb 5, 2016 at 7:12 PM, Bill Burke <bburke(a)redhat.com> wrote:
>
>> 1.9.0.Final will have it...
>>
>>
>> On 2/5/2016 7:50 AM, Malmi Samarasinghe wrote:
>>
>> Hi Stian,
>>
>> Thank you very much for looking in to the issue. We tried with around 6
>> role creations per second, and I tried switching off realm cache and it had
>> negative impact on the performance of other API s.
>>
>> Really appreciate if you could suggest us a rough timeline for a fix
>> date.
>>
>> Regards,
>> Malmi
>>
>> On Fri, Feb 5, 2016 at 3:20 PM, Stian Thorgersen <sthorger(a)redhat.com>
>> wrote:
>>
>>> Either don't create roles concurrently or disable cache.
>>>
>>> How frequently are you creating roles? Just wondering because if you do
>>> it will significantly impact the benefits of the cache as we invalidate a
>>> large amount of the cache when roles are added/removed.
>>>
>>> The problem you are seeing is most likely down to a race condition when
>>> the realm role list (or client role lists) are re-loaded after they are
>>> invalidated. I haven't had much time to look at it yet, so I don't
know the
>>> exact cause or a solution.
>>>
>>> On 5 February 2016 at 09:57, Malmi Samarasinghe <
<malmi.suh(a)gmail.com>
>>> malmi.suh(a)gmail.com> wrote:
>>>
>>>> Hi Stian,
>>>>
>>>> We have this in production is there any intermediary fix that we can
>>>> do or any workaround?
>>>>
>>>> Regards,
>>>> Malmi
>>>>
>>>> On Fri, Feb 5, 2016 at 2:11 PM, Stian Thorgersen
<sthorger(a)redhat.com>
>>>> wrote:
>>>>
>>>>> Confirmed this bug
<
https://issues.jboss.org/browse/KEYCLOAK-2458>
>>>>>
https://issues.jboss.org/browse/KEYCLOAK-2458
>>>>>
>>>>> On 5 February 2016 at 06:53, Malmi Samarasinghe <
>>>>> <malmi.suh@gmail.com>malmi.suh(a)gmail.com> wrote:
>>>>>
>>>>>> Hi Stian/Bill,
>>>>>>
>>>>>> I just wanted to highlight that this issue only occurred when
realm
>>>>>> cache enabled option is ON.
>>>>>>
>>>>>> Regards,
>>>>>> Malmi
>>>>>>
>>>>>> On Thu, Feb 4, 2016 at 8:38 PM, Malmi Samarasinghe <
>>>>>> <malmi.suh@gmail.com>malmi.suh(a)gmail.com> wrote:
>>>>>>
>>>>>>> Hi Stian
>>>>>>>
>>>>>>> I have multiple threads creating different roles. Basically
one
>>>>>>> thread will execute all three apis one after another.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Malmi
>>>>>>>
>>>>>>> On Thu, Feb 4, 2016 at 5:23 PM, Stian Thorgersen <
>>>>>>> <sthorger@redhat.com>sthorger(a)redhat.com> wrote:
>>>>>>>
>>>>>>>> When you say method1 is executed in multiple threads, do
you mean
>>>>>>>> one thread creates the role and another retrieves it? Or
do you have
>>>>>>>> multiple threads creating different roles?
>>>>>>>>
>>>>>>>> On 4 February 2016 at 12:31, Malmi Samarasinghe <
>>>>>>>> <malmi.suh@gmail.com>malmi.suh(a)gmail.com>
wrote:
>>>>>>>>
>>>>>>>>> Hi Bill,
>>>>>>>>>
>>>>>>>>> Please find the work flow that we have implemented
>>>>>>>>> create user : POST : admin/realms/{realm}/users
>>>>>>>>>
>>>>>>>>> *Method1* wrapps the following API calls
>>>>>>>>> Create Realm role : POST :
admin/realms/{realm}/roles
>>>>>>>>> Retrieve Role : GET :
admin/realms/{realm}/roles/{roleName}
>>>>>>>>> Assign Role : POST :
>>>>>>>>> admin/realms/leapset/users/{0}/role-mappings/realm
>>>>>>>>>
>>>>>>>>> Same for the client roles as well.
>>>>>>>>>
>>>>>>>>> *Method1 *is executed in multiple threads and assign
reams role
>>>>>>>>> API starts failing with 404 (keycloak log states role
not found)
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Malmi
>>>>>>>>>
>>>>>>>>> On Thu, Feb 4, 2016 at 9:00 AM, Bill Burke <
<bburke(a)redhat.com>
>>>>>>>>> bburke(a)redhat.com> wrote:
>>>>>>>>>
>>>>>>>>>> Can you give me what REST invocations you are
doing? How do you
>>>>>>>>>> find the role? How do you create the role?
etc...
>>>>>>>>>>
>>>>>>>>>> On 2/3/2016 9:45 PM, Malmi Samarasinghe wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Bill,
>>>>>>>>>>
>>>>>>>>>> We tried the above fix on top of 1.7.0 by
applying the changes
>>>>>>>>>> from the commits attached to the
>>>>>>>>>>
<
https://issues.jboss.org/browse/KEYCLOAK-2327>
>>>>>>>>>>
https://issues.jboss.org/browse/KEYCLOAK-2327 and
deployed, and
>>>>>>>>>> it seems to have the same issue. If you have any
further update on this
>>>>>>>>>> please let us know.
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Malmi
>>>>>>>>>>
>>>>>>>>>> On Mon, Feb 1, 2016 at 4:02 PM, Stian Thorgersen
<
>>>>>>>>>>
<sthorger@redhat.com>sthorger(a)redhat.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> This could be related to
>>>>>>>>>>>
<
https://issues.jboss.org/browse/KEYCLOAK-2327>
>>>>>>>>>>>
https://issues.jboss.org/browse/KEYCLOAK-2327.
>>>>>>>>>>>
>>>>>>>>>>> It's already fixed in master, so if you
can try it out that
>>>>>>>>>>> would be great. We should also have a
1.8.1.Final release this week with
>>>>>>>>>>> the fix in as well.
>>>>>>>>>>>
>>>>>>>>>>> On 30 January 2016 at 05:16, Malmi
Samarasinghe <
>>>>>>>>>>>
<malmi.suh@gmail.com>malmi.suh(a)gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Bill,
>>>>>>>>>>>>
>>>>>>>>>>>> We are using keycloak 1.7.0 and rdbms
(mysql)
>>>>>>>>>>>>
>>>>>>>>>>>> Regards,
>>>>>>>>>>>> Malmi Samarasinghe
>>>>>>>>>>>> On Jan 29, 2016 7:41 PM, "Bill
Burke" < <bburke(a)redhat.com>
>>>>>>>>>>>> bburke(a)redhat.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Which version of keycloak? RDBMS or
Mongo?
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 1/29/2016 12:35 AM, Malmi
Samarasinghe wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Everyone,
>>>>>>>>>>>>>
>>>>>>>>>>>>> In my application we create retrieve
and assign role
>>>>>>>>>>>>> subsequently and it seems that even
for a small load (2-3 threads) with
>>>>>>>>>>>>> realm cache enabled option, assign
realm role call fails due to role not
>>>>>>>>>>>>> exist error and 404 is returned from
keycloak.
>>>>>>>>>>>>>
>>>>>>>>>>>>> With the realm cache disabled option
the load works fine.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Please get back to me if you have any
information on any
>>>>>>>>>>>>> other option we can follow to get
this issue sorted or on what action the
>>>>>>>>>>>>> realm cache will be persisted to DB.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Malmi
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>>>> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Bill Burke
>>>>>>>>>>>>> JBoss, a division of Red
Hathttp://bill.burkecentral.com
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>>
<keycloak-user@lists.jboss.org>keycloak-user(a)lists.jboss.org
>>>>>>>>>>>>>
<
https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
_______________________________________________
>>>>>>>>>>>> keycloak-user mailing list
>>>>>>>>>>>>
<keycloak-user@lists.jboss.org>keycloak-user(a)lists.jboss.org
>>>>>>>>>>>>
<
https://lists.jboss.org/mailman/listinfo/keycloak-user>
>>>>>>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Bill Burke
>>>>>>>>>> JBoss, a division of Red
Hathttp://bill.burkecentral.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red
Hathttp://bill.burkecentral.com
>>
>>
>