Not sure what could be wrong, but posting the whole realm config every X
minutes is pretty crazy. Why are you doing that?!
A few questions:
* Is the realm role still there? If the ID of the role changes then the
user role mappings will be lost. User role mappings are for a role by id,
not by name. So if you delete a role and re-create it role mappings are lost
* What database are you using?
* Do you have multiple nodes in a cluster?
* Does it happen to all users or just some?
On 17 November 2015 at 15:40, Johan Heylen <johan.heylen.public(a)gmail.com>
wrote:
Hallo,
we have noticed a strange behaviour in our Keycloak setup:
After a while, some users lose one of their assigned realm roles, without
anyone actually requesting this from the keycloak server (We see no admin
events who can explain this behaviour).
Could it be that something is wrong in some cache implementation or an in
issue in concurrency?
When I make a dump of the database, the role can also no longer be found
there in the user export, so it actually gets removed from there as well.
One specific thing we do, is managing the realm settings using the admin
REST API, which PUTs the realm config JSON every X minutes (X is currently
5 to 2 minutes), so the PUT call happens a lot (I can see it in the admin
events).
To exclude this as possible culprit, I've disable this constant updating
of the realm. I'll send an update wether this has had any impact, but
either way, the issue should not occur.
Has anyone already encountered this issue?
I can provide you with more config of the keycloak server and realm if
required... We are one 1.6.0
Could you help me with enabling the correct logging, so I might be able to
trace where the problem occurs or see what causes the drop of a realm role
on a user (His other realms roles remain untouched...)
Currently I am not able to reproduce this with a testcase, it just occurs
from time to time on a test platform, so I did not create a JIRA ticket yet
Tnx,
Johan Heylen
DNS Belgium
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user