[keycloak-user] Guidelines Load- / Stress-Testing Keycloak

Stian Thorgersen sthorger at redhat.com
Tue Apr 5 01:28:40 EDT 2016 

We have done a fair bit of performance testing ourselves recently, but I'd
be interested to know what the results are from your testing.

For complex flow I'd suggest going to an external client rather than
account management. Also, I'd suggest only a random number of the users
actively logout (in real life some users will click logout, but most will
just close the browser so there's a background thread that eventually
removes expired sessions).

For users you also need to make sure they have some role mappings.

On 1 April 2016 at 13:53, Thomas Darimont <thomas.darimont at googlemail.com>
wrote:

> Hello group,
>
> has anyone already stress tested a Keycloak deployment?
>
> The Keycloak Testsuite contains a rudimentary stress test for login/logout
> [0],
>
> but we were wondering whether someone has already done more thorough
> testing here that they are willing to share.
>
> We're looking into stress testing Keycloak with gatling [1] to get a sense
> for when Keycloak falls over and some information about JVM memory
> requirements during high load.
>
> Furthermore, are there any suggestions for use-cases that should be tested
> in particular, e.g.:
>
>    -
>
>    Simple Page Invocations (Unauthenticated, Authenticated)
>    -
>
>       Login
>       -
>
>       Logout
>       -
>
>       Registration
>       -
>
>       Account Page
>
>
>
>    -
>
>    Complex flows
>    -
>
>       Login, goto account page, Logout
>       -
>
>       Login, goto account page, change password, Logout, Login with new
>       password
>
>
>
>    -
>
>    Service Requests
>    -
>
>       Aquire Refresh Token
>       -
>
>       Aquire Access Token
>
>
> Are there any (knwon) potentially expensive operations that are not
> obvious that should be tested in particular?
>
>
> (in simulating a real-world load with high user counts, for example, are
> there any particularly expensive operations where a high user count would
> noticeably impact performance?)
>
> What is the best way to initialize Keycloak (e.g. backed by a PostgreSQL
> database) with varying (arbitrarily large) numbers of users, in order to
> get realistic performance numbers?
>
> Given that creating XX,000 users via the REST API might take some time, is
> it enough to simply generate 10,000 * X records in the UserEntity table?
>
> Cheers,
>
> Thomas
>
> [0] https://github.com/keycloak/keycloak/tree/master/testsuite/stress
> [1] http://gatling.io/
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160405/d024ce4b/attachment-0001.html

More information about the keycloak-user mailing list