[keycloak-dev] Sharing HttpClient in backchannelLogout

Marek Posolda mposolda at redhat.com
Fri Apr 24 13:20:01 EDT 2015

Looks that both OIDCLoginProtocol.backchannelLogout and 
SamlProtocol.backchannelLogout always create new instance of Apache 
HttpClient used just during single invocation. I suspect this is not 
very good for performance as HTTP connections pool needs to be always 
created again and again? We're doing it even if client doesn't have 
adminUrl (no sending of HTTP request is even needed).

I wonder if we should share single instance of HttpClient (or 
ApacheHttpClient4Executor) per LoginProtocolFactory? Or even better, if 
we convert AuthenticationManager to the SPI (which is planned AFAIK) and 
pass the executor from there?


More information about the keycloak-dev mailing list