[keycloak-dev] Bearer token size

Leonardo Loch Zanivan leonardo.zanivan at gmail.com
Tue May 5 08:31:05 EDT 2015


https://issues.jboss.org/browse/KEYCLOAK-1268

On Mon, May 4, 2015 at 3:59 PM Bill Burke <bburke at redhat.com> wrote:

> Log a JIRA.  We don't have a workaround for this.
>
> On 5/4/2015 2:42 PM, Leonardo Loch Zanivan wrote:
> > Hi,
> >
> > I have a big problem here because of bearer token size.
> >
> > I'm using Keycloak within a SaaS application, so I need to create a lot of
> > realms.
> >
> > After 30 realms were created, the bearer token issued for the master admin user
> > has more than 8kb.
> > It's huge for a single header; Apache limits headers to 8kb by default.
> > With 1000 realms, the bearer token of the master admin user will have 3.5mb.
> > It'll be impossible to use Keycloak in production. It occurs because the
> > "resource_access" property has all realms with all possible roles.
> >
> > Is it possible to create a wildcard "*" for "resource_access" to prevent
> > that problem?
> >
> >
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
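
The following is an added example, not part of the original thread or Keycloak's own code: a size audit that decodes an access token's payload, attributes bytes to each top-level claim, and finds the realm count at which the `Authorization` header passes Apache's default `LimitRequestFieldSize` of 8190 bytes. The client names, role names, issuer URL and zero-filled signature are constructed sample values, and counting the limit against the whole header line is an assumption.

```python
import base64
import json

APACHE_FIELD_LIMIT = 8190  # Apache httpd LimitRequestFieldSize default, in bytes


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_payload(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (size audit only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def claim_sizes(token: str) -> dict:
    """Bytes each top-level claim contributes to the compact JSON payload."""
    return {k: len(json.dumps({k: v}, separators=(",", ":"))) - 2  # drop the braces
            for k, v in decode_payload(token).items()}


def header_size(token: str) -> int:
    """Size of the full header line (assumption: the limit covers name and value)."""
    return len("Authorization: Bearer " + token)


def sample_token(realms: int) -> str:
    """Constructed token: one client entry per realm in resource_access."""
    roles = ["manage-realm", "manage-users", "manage-clients",
             "view-realm", "view-users", "view-clients"]  # constructed role names
    claims = {"sub": "admin", "iss": "https://sso.example.test/auth/realms/master",
              "resource_access": {f"tenant{i}-realm": {"roles": roles}
                                  for i in range(realms)}}
    head = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims, separators=(",", ":")).encode())
    return f"{head}.{body}." + b64url(b"\0" * 256)  # placeholder, RSA-2048 sized


def first_overflow(limit: int = APACHE_FIELD_LIMIT) -> int:
    """Smallest realm count whose bearer header exceeds the limit."""
    n = 1
    while header_size(sample_token(n)) <= limit:
        n += 1
    return n


if __name__ == "__main__":
    print(claim_sizes(sample_token(30)), "overflow at", first_overflow(), "realms")
```

Running `claim_sizes` on a real access token from the affected deployment shows which claim to trim; the payload is decoded without signature verification, so the output is only a size measurement.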