[keycloak-user] Performance loss migrating from Keycloak 1.7.0 to Keycloak 2.5.5/3.x
Dmitry Telegin
mitya at cargosoft.ru
Wed May 24 04:25:11 EDT 2017
Hi Bill,
By the way, can we roughly estimate the amount of memory allocated per
each cached user?
We are planning a deployment with ~4M users, so I'm wondering if the
entire user set can fit into RAM of a typical server? If yes, do you
think it would be a good idea to write an extension for cache warm-up?
(i.e., to launch a background thread upon Keycloak startup that would
gradually load all the users into cache) I think that could improve
response times for restarted / newly added cluster nodes.
Thanks,
Dmitry
> Entire user is cached (role mappings, attributes, etc.) the first
> time
> it is accessed. Maybe in your old User Federation Provider, you
> loaded
> stuff on demand? Another thing you could try is to ditch the
> import.
> The new User Storage Model supports a non-import mode if you
> implement
> it correctly.
>
>
> On 5/16/17 9:09 AM, Vito Vessia wrote:
> > Hi all,
> > we have adopted Keycloak as foundation for our identity services
> > since the
> > beginning (july 2015) and after an initial development period we
> > developed
> > our federation/mail/whatever providers we fixed the underlyng
> > Keyckoak
> > version to 1.7.0 for more than one year.
> > Recently we have upgraded to Keycloak 2.5.5 doing a big reworking
> > related
> > to the new architecture of the former Federation providers, etc...
> > The first impression is the it is more robust and stable, but it
> > seems to
> > be slower then the 1.7.0 version. Without any SPI installed, using
> > a raw
> > keycloak realm, on the same machine the pure login via OpenId
> > Connect
> > endpoints takes:
> >
> > 30 ms on Keycloak 1.7.0 (average value after 100 logins)
> > 100 ms on Keycloak 2.5.5 (average value after 100 logins)
> >
> > We get the same gap both with H2 and Oracle database.
> >
> > If we mount our SPI providers (User Storage and others), the gap is
> > greater
> > but of course it could be an issue into our code after the
> > migration to the
> > new SPI architecture.
> >
> > Is there a specific reason for this gap? (i.e. a better management
> > of the
> > concurrency).
> > Is there a specific setting/strategy to improve the performance?
> >
> > The configuration has been tested both on Linux and Windows on a
> > standalone
> > server. The Wildfly -Xmx has been set to 1g on both the Keycloak
> > version.
> >
> > --Vito Vessia
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list