[keycloak-user] Keycloak goes to AD to fetch users every page load, does not use local store.

Bill Burke bburke at redhat.com
Thu Aug 4 09:19:43 EDT 2016 

You mean when you manage the users from the Admin Console?  The 
searchbox is meant to be a general pattern and is equivalent to a LIKE 
clause in RDBMS.  So this means all providers must be queried.


On 8/4/16 7:54 AM, Ushanas Shastri wrote:
>
> Classification: INTERNAL
>
> Hello,
>
> We have Keycloak setup with SQL Server as a persistent store, and we 
> have User Federation enabled with Microsoft Active Directory.
>
> Why does Keycloak go back to querying AD on every page load (Manage-> 
> Users or the Evaluate tab in Authorization)? Should it not get a list 
> of users from the local SQL store only?
>
> I’m seeing that on the page load, Keycloak gets a list of all users 
> from AD. Considering we have a large number of users, this is time 
> consuming. Don’t know if it matters, but we do have an AD filter.
>
> Regards, Ushanas.
>
> *Viteos Fund Services Ltd**| *www.viteos.com 
> <http://www.viteosfundservices.com/>
>
> *Direct :*+91-22-61082230 | US : +1- 888-821-7561 extn 240
>
> *Cell :*+91-9820225580
>
> Email : ushanas.shastri at viteos.com <mailto:ushanas.shastri at viteos.com>
>
> This message is for the named person's use only. It may contain 
> confidential, proprietary or legally privileged information. No 
> confidentiality or privilege is waived or lost by any 
> mis-transmission. If you receive this message in error, please 
> immediatelydelete it and all copies of it from your system, destroy 
> any hard copies of it and notify the sender. You must not, directly or 
> indirectly, use, disclose, distribute, print, or copy any part of this 
> message if you are not the intended recipient. Viteos Capital Market 
> Services Ltd.and any of its subsidiaries each reserve the right to 
> monitor all e-mail communications through its networks. Any views 
> expressed in this message are those of the individual sender, except 
> where the message states otherwise and the sender is authorized to 
> state them to be the views of any such entit.
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160804/de0357db/attachment.html

More information about the keycloak-user mailing list