[keycloak-user] Keycloak & Large # of Realms
John D. Ament
john.d.ament at gmail.com
Thu Oct 26 19:10:30 EDT 2017
Adding a query param was one option we were talking about. The other was
to introduce a new endpoint to do this querying. Either way it should also
be a lighter DB query that pulls back the id/name combinations.
BTW, Why do you display the "name" value on the screen instead of the
display name value? Not a critical issue, but a noted quirk.
John
On Thu, Oct 26, 2017 at 4:18 AM Stian Thorgersen <sthorger at redhat.com>
wrote:
> The admin console only needs the realm id and name at this point afaik and
> it will go and fetch the whole realm json rep separately. Changing the API
> wouldn't be nice so adding an extra query param perhaps that requests only
> the needed content?
>
> On 25 October 2017 at 20:17, John D. Ament <john.d.ament at gmail.com> wrote:
>
>> Hi All
>>
>> Looking for some more insight, haven't heard about this issue in a while.
>>
>> The specific endpoint I'm having issues with is the /auth/admin/realms
>> endpoint ->
>>
>> https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/admin/RealmsAdminResource.java#L98
>>
>> For what Keycloak is doing in the UI for the list realms, is it necessary
>> to provide all realm details or can it use a simplified version of the
>> realm representation to populate the drop down in the top left navigation
>> (at least I'm assuming that's where it's being fetched to be populated
>> into)?
>>
>> I'm seeing this endpoint perform particularly slowly. Some of the key
>> spots (I have 125
>>
>> - 750 calls to select authentica0_.ID as ID1_3_0_, authentica0_.ALIAS as
>> ALIAS2_3_0_, authentica0_.BUILT_IN as BUILT_IN3_3_0_,
>> authentica0_.DESCRIPTION as DESCRIPT4_3_0_, authentica0_.PROVIDER_ID as
>> PROVIDER5_3_0_, authentica0_.REALM_ID as REALM_ID7_3_0_,
>> authentica0_.TOP_LEVEL as TOP_LEVE6_3_0_ from AUTHENTICATION_FLOW
>> authentica0_ where authentica0_.ID='15249ca1-1be3-4b59-a0e0-80bf00a107a4'
>> (the ID changes per request, looks like you're loading auth flows per ID)
>> - 250 calls to get client entities
>> - 125 calls for groups, locales, enabled events, required actions, roles,
>> smtp config, idps, attributes, roles, role mappers, etc.
>>
>> I suspect the 125 calls are needed, we don't want to load those in a
>> larger
>> batch. However, if there's a simpler use for realms that would be
>> beneficial from a loading standpoint.
>>
>> John
>>
> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
More information about the keycloak-user
mailing list