[keycloak-user] Keycloak & Large # of Realms

Stian Thorgersen sthorger at redhat.com
Thu Oct 26 04:18:36 EDT 2017 

The admin console only needs the realm id and name at this point afaik and
it will go and fetch the whole realm json rep separately. Changing the API
wouldn't be nice so adding an extra query param perhaps that requests only
the needed content?

On 25 October 2017 at 20:17, John D. Ament <john.d.ament at gmail.com> wrote:

> Hi All
>
> Looking for some more insight, haven't heard about this issue in a while.
>
> The specific endpoint I'm having issues with is the /auth/admin/realms
> endpoint ->
> https://github.com/keycloak/keycloak/blob/master/services/
> src/main/java/org/keycloak/services/resources/admin/
> RealmsAdminResource.java#L98
>
> For what Keycloak is doing in the UI for the list realms, is it necessary
> to provide all realm details or can it use a simplified version of the
> realm representation to populate the drop down in the top left navigation
> (at least I'm assuming that's where it's being fetched to be populated
> into)?
>
> I'm seeing this endpoint perform particularly slowly.  Some of the key
> spots (I have 125
>
> - 750 calls to select authentica0_.ID as ID1_3_0_, authentica0_.ALIAS as
> ALIAS2_3_0_, authentica0_.BUILT_IN as BUILT_IN3_3_0_,
> authentica0_.DESCRIPTION as DESCRIPT4_3_0_, authentica0_.PROVIDER_ID as
> PROVIDER5_3_0_, authentica0_.REALM_ID as REALM_ID7_3_0_,
> authentica0_.TOP_LEVEL as TOP_LEVE6_3_0_ from AUTHENTICATION_FLOW
> authentica0_ where authentica0_.ID='15249ca1-1be3-4b59-a0e0-80bf00a107a4'
> (the ID changes per request, looks like you're loading auth flows per ID)
> - 250 calls to get client entities
> - 125 calls for groups, locales, enabled events, required actions, roles,
> smtp config, idps, attributes, roles, role mappers, etc.
>
> I suspect the 125 calls are needed, we don't want to load those in a larger
> batch.  However, if there's a simpler use for realms that would be
> beneficial from a loading standpoint.
>
> John
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list