[keycloak-user] Multi Tenant Keycloak Scale
Gabriel Lavoie
glavoie at gmail.com
Thu Dec 8 08:06:21 EST 2016
Hi Raanan,
we only have two nodes, but our authentication scenarios are currently
limited. Most of our issues were with admin login (large number of
sub-roles in the composite admin role), administration (slow realm
creation) and node restart with that number of realms.
In what cases are you experiencing the issues?
Do you have a lot of roles/composite roles in your realms?
Also, regarding an upgrade to 2.4.0. Some of the upgrade code is not
Liquibase, but Java code working with the model to migrate data. With 500
realms I had a very difficult time to upgrade to 2.4.0 without hacking the
code (peformance fixes I've submitted) and configuration. Other than the
code fixes, Keycloak recently started to use JTA to manage the transactions
which added a transaction timeout variable which is at 4 or 5 minutes by
default I think. There is also the WildFly startup timeout that I've hit. I
had to increase both to 2 hours to be able to upgrade without the code
fixes. Much lower with the code fixes, but I don't have a specific time in
mind as I haven't re-tested this recently.
Gabriel
2016-12-08 6:45 GMT-05:00 Raanan Gonen <Raanan.Gonen at nice.com>:
> Thank you Gabriel for the detailed response!
>
> May I ask how many KC servers are using for the 500-600 tenants setup?
>
>
>
> Regards,
>
> Raanan
>
>
>
> *From:* Gabriel Lavoie [mailto:glavoie at gmail.com]
> *Sent:* יום ה, 08 דצמבר 2016 01:48
> *To:* Raanan Gonen <Raanan.Gonen at nice.com>
> *Cc:* keycloak-user at lists.jboss.org; Vadim Ilyasov <Vadim.Ilyasov at nice.com>;
> Itay Even-Hen <Itay.Even-Hen at nice.com>; Yuvraj Sawant <
> Yuvraj.Sawant at nice.com>
> *Subject:* Re: [keycloak-user] Multi Tenant Keycloak Scale
>
>
>
> Hi Raanan,
>
> we've hit many issues on our side with a large number of realms and
> took some time to study and fix them. I suggest you to have a look at this
> thread in the dev ML:
>
>
>
> http://lists.jboss.org/pipermail/keycloak-dev/2016-November/008439.html
>
>
>
> I have 5 pull requests that were submitted, 2 merged and 3 still pending
> for the 3.x release. For now, we're running an in-house Keycloak build with
> those fixes.
>
>
>
> There could still be some areas that are not covered by my pull requests
> that we haven't hit yet.
>
>
>
> Gabriel
>
>
>
> 2016-12-07 14:19 GMT-05:00 Raanan Gonen <Raanan.Gonen at nice.com>:
>
> Hi,
>
> We are using Keycloak 1.7 for multi tenant environment where each tenant
> is a realm.
> We have a cluster of 4 Keycloak servers and we see severe performance
> degradation when we are using about 200 Realms with 200 users each.
> Is that the expected behavior of Keycloak?
> Are there known issues with such an amount of realms in Keycloak 1.7?
> What should we do to be able to work with much more realms (we need about
> 2000)?
>
> Thanks,
> Raanan
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
>
> --
>
> Gabriel Lavoie
> glavoie at gmail.com
>
--
Gabriel Lavoie
glavoie at gmail.com
More information about the keycloak-user
mailing list