[keycloak-user] basic-auth
Gaétan Collaud
gaetancollaud at gmail.com
Tue Aug 22 02:56:04 EDT 2017
Hi,
I'm interested in this question. For legacy reasons, I have to maintain the
basic auth possibility. And I noticed the huge amount of sessions too.
For the cache, it's in the user federation. You may want to adjust the cache
policy (although it will be dependent on the implementation you use). I
know that Keycloak caches the users but I'm not sure about the password
check.
Best regards,
Gaetan
On Mon, 21 Aug 2017 at 21:59, Amat, Juan (Nokia - US) <juan.amat at nokia.com>
wrote:
> Hello,
>
> As we need to support some legacy applications we are enabling basic auth
> in the wildfly adapter of our REST oidc clients.
>
> What I have noticed is that for every REST call, a 'session' is created on
> the keycloak server.
> Is there a way to not create this session?
> We do have perf tests that will call those REST apis a lot and I am
> concerned that we will use memory for nothing.
>
> Another concern is that during those perf tests we noticed that the
> keycloak server was using a lot of CPU.
> A large part of it was used checking the password (the same user was used
> for all those calls).
> For legacy reasons we cannot ask the caller to first get a token and use it
> for subsequent calls.
> So I am wondering if there is a way to configure some 'authentication
> cache'.
> (I guess that I am asking for something like the
> JBossCachedAuthenticationManager for those who know JBoss EAP/Wildfly).
>
> In fact I would not even care about the token either and just an OK/NOK from
> the keycloak server would be needed.
> This is probably too much to ask and I could do all this from my end.
> But then to support new clients that are OAuth aware I would need to
> replicate what the adapter is doing.