6:15 a.m.
Eventually it would be nice to support the ability for load balancers to
send all requests for a particular user session to the same node (browser
as well as client requests).
More details here: https://issues.jboss.org/browse/KEYCLOAK-2352
Is this a high priority for 1.9 or should it be 2.x? We may be able to put
it into 1.9.2 if required.
I'd like feedback on how useful folks think it would be as well as feedback
on the proposed implementation.
7:52 a.m.
I"m not sure how well keycloak would scale without this.
On 3/4/2016 7:15 AM, Stian Thorgersen wrote:
Eventually it would be nice to support the ability for load balancers
to send all requests for a particular user session to the same node
(browser as well as client requests).
More details here: https://issues.jboss.org/browse/KEYCLOAK-2352
Is this a high priority for 1.9 or should it be 2.x? We may be able to
put it into 1.9.2 if required.
I'd like feedback on how useful folks think it would be as well as
feedback on the proposed implementation.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
9:18 a.m.
Users are cached so that helps + it's possible to load balance based on
source address. Do you really think that a lot of people will run that many
nodes in either case?
On 4 March 2016 at 14:52, Bill Burke <bburke(a)redhat.com> wrote:
I"m not sure how well keycloak would scale without this.
On 3/4/2016 7:15 AM, Stian Thorgersen wrote:
Eventually it would be nice to support the ability for load balancers to
send all requests for a particular user session to the same node (browser
as well as client requests).
More details here: https://issues.jboss.org/browse/KEYCLOAK-2352
Is this a high priority for 1.9 or should it be 2.x? We may be able to put
it into 1.9.2 if required.
I'd like feedback on how useful folks think it would be as well as
feedback on the proposed implementation.
_______________________________________________
keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hathttp://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
9:31 a.m.
If the stable branch will be 1.9 which will be the base for the commercial
product, then it should make it in 1.9.x.
I belive a SSO should be a critical service, reliable, always available and
high performer, if for instance the SSO is not available it can lockout all
systems that depends on it.
*Ing. Jorge Solórzano*
about.me/jorsol
<https://about.me/jorsol?promo=email_sig&utm_source=email_sig&utm_...
On Fri, Mar 4, 2016 at 9:18 AM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Users are cached so that helps + it's possible to load balance
based on
source address. Do you really think that a lot of people will run that many
nodes in either case?
On 4 March 2016 at 14:52, Bill Burke <bburke(a)redhat.com> wrote:
> I"m not sure how well keycloak would scale without this.
>
>
> On 3/4/2016 7:15 AM, Stian Thorgersen wrote:
>
> Eventually it would be nice to support the ability for load balancers to
> send all requests for a particular user session to the same node (browser
> as well as client requests).
>
> More details here: https://issues.jboss.org/browse/KEYCLOAK-2352
>
> Is this a high priority for 1.9 or should it be 2.x? We may be able to
> put it into 1.9.2 if required.
>
> I'd like feedback on how useful folks think it would be as well as
> feedback on the proposed implementation.
>
>
> _______________________________________________
> keycloak-user mailing
listkeycloak-user@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> --
> Bill Burke
> JBoss, a division of Red Hathttp://bill.burkecentral.com
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
9:34 a.m.
There's a minimum of 4 Http Requests. There is about 6 SQL queries to
load a user. So, if there is 2 nodes, you have minimum 12 queries for
an uncached user. It really all depends how big the cache can be.
Couldn't a million users be cached on a pretty inexpensive box? My
laptop has 32 gig ram. 10K per user is 10 gigs for a million users.
Then, depending on UserSession ownership setting, you have
pulling/grabbing/replication of the client sessions as you hop between
nodes. This is the one that can't be fixed. I don't know how much of a
big deal it is.
On 3/4/2016 10:18 AM, Stian Thorgersen wrote:
Users are cached so that helps + it's possible to load balance
based
on source address. Do you really think that a lot of people will run
that many nodes in either case?
On 4 March 2016 at 14:52, Bill Burke <bburke(a)redhat.com
<mailto:bburke@redhat.com>> wrote:
I"m not sure how well keycloak would scale without this.
On 3/4/2016 7:15 AM, Stian Thorgersen wrote:
> Eventually it would be nice to support the ability for load
> balancers to send all requests for a particular user session to
> the same node (browser as well as client requests).
>
> More details here: https://issues.jboss.org/browse/KEYCLOAK-2352
>
> Is this a high priority for 1.9 or should it be 2.x? We may be
> able to put it into 1.9.2 if required.
>
> I'd like feedback on how useful folks think it would be as well
> as feedback on the proposed implementation.
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
4:46 a.m.
On 04/03/16 16:34, Bill Burke wrote:
There's a minimum of 4 Http Requests. There is about 6 SQL
queries to
load a user. So, if there is 2 nodes, you have minimum 12 queries for
an uncached user. It really all depends how big the cache can be.
Couldn't a million users be cached on a pretty inexpensive box? My
laptop has 32 gig ram. 10K per user is 10 gigs for a million users.
Then, depending on UserSession ownership setting, you have
pulling/grabbing/replication of the client sessions as you hop between
nodes. This is the one that can't be fixed. I don't know how much of
a big deal it is.
Just one important thing about how distributed infinispan caches
work by
default. I think it's quite important and may not be obvious, so writing
it here just for case. Feel free to ignore if you're already aware of it.
If you have numOwners=1 in configuration and on node1 you call:
cache.put("session-id1", userSession1);
It doesn't mean that session is automatically saved on the local node
(node1 in this case). Session can be saved internally on node2 and when
you call on node1:
cache.get("session-id1");
you may always have some remote cluster calls to lookup session from node2.
It seems by default infinispan decides just based on the hash of key
(sessionId in our case). Hopefully it's possible to change this
behaviour by use some custom hash factory :
http://infinispan.org/docs/8.2.x/user_guide/user_guide.html#_hashing_algo...
. IMO we should first investigate this, otherwise we may end with
situation when we implement sticky sessions support, but there won't be
any performance gain regarding userSessions lookup because of this
infinispan behaviour.
Marek
On 3/4/2016 10:18 AM, Stian Thorgersen wrote:
> Users are cached so that helps + it's possible to load balance based
> on source address. Do you really think that a lot of people will run
> that many nodes in either case?
>
> On 4 March 2016 at 14:52, Bill Burke <bburke(a)redhat.com
> <mailto:bburke@redhat.com>> wrote:
>
> I"m not sure how well keycloak would scale without this.
>
>
> On 3/4/2016 7:15 AM, Stian Thorgersen wrote:
>> Eventually it would be nice to support the ability for load
>> balancers to send all requests for a particular user session to
>> the same node (browser as well as client requests).
>>
>> More details here: https://issues.jboss.org/browse/KEYCLOAK-2352
>>
>> Is this a high priority for 1.9 or should it be 2.x? We may be
>> able to put it into 1.9.2 if required.
>>
>> I'd like feedback on how useful folks think it would be as well
>> as feedback on the proposed implementation.
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3229
days inactive
3232
days old
5 comments
4 participants
participants (4)
-
Bill Burke -
Jorge Solórzano -
Marek Posolda -
Stian Thorgersen