[keycloak-user] Permissions performance problem

Pedro Igor Silva psilva at redhat.com
Mon May 27 09:54:20 EDT 2019


Hi,

The resource set is the same in both scenarios as they are related to
api-server. The same goes for permissions and policies.

I don't know what may be causing this difference, but maybe you can find a
clue when running the evaluation tool to compare how evaluation is
performed in both situations.

On Sat, May 25, 2019 at 1:12 PM Corentin Dupont <corentin.dupont at gmail.com>
wrote:

> Hi guys,
> I noticed that if I request permissions with one client, it is faster than
> with another one.
> For instance:
>
> TOKEN=`curl -X POST  -H "Content-Type: application/x-www-form-urlencoded"
> -d
> 'username=cdupont&password=xxx&grant_type=password&*client_id=api-server*&client_secret=4e9dcb80-efcd-484c-b3d7-1e95a0096ac0'
> "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token" |
> jq .access_token -r`
> time curl -X POST
> http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token -H
> "Authorization: Bearer $TOKEN" -d
>
> "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=#devices:view&response_mode=permissions"
> *real 0m0,196s*
> user 0m0,000s
> sys 0m0,006s
>
> TOKEN=`curl -X POST  -H "Content-Type: application/x-www-form-urlencoded"
> -d
> 'username=cdupont&password=xxx&grant_type=password&*client_id=dashboard*'
> "http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token" |
> jq .access_token -r`
> time curl -X POST
> http://localhost:8080/auth/realms/waziup/protocol/openid-connect/token -H
> "Authorization: Bearer $TOKEN" -d
>
> "grant_type=urn:ietf:params:oauth:grant-type:uma-ticket&audience=api-server&permission=#devices:view&response_mode=permissions"
> *real 0m2,142s*
> user 0m0,006s
> sys 0m0,006s
>
> The only difference between the two commands is the client (highlighted in
> red). With the second client, it takes 2 seconds more consistently.
> Any idea? I might be a cache problem...
> Cheers
> Corentin
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list