Uploaded image for project: 'AMQ Broker'
  1. AMQ Broker
  2. ENTMQBR-6387

Improve keycloakLoginModule implementation

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • AMQ 7.9.1.GA
    • broker-core
    • None
    • False
    • None
    • False
    • Release Notes, User Experience

      A customer has observed many requests (maxed to 20 by default in the keycloakLoginModule.configuration.connectionPoolSize operator parameter https://access.redhat.com/documentation/en-us/red_hat_amq/2021.q3/html-single/deploying_amq_broker_on_openshift/index#security-crd-reference_broker-ocp) being sent to Keycloak at the same time. 

      AMQ should not send all these requests parallel, but it should have a smarter caching implementation, to send only one requests to Keycloak to refresh the cache and return the old cached value until this call is complete, see current implementation in

      https://github.com/apache/activemq-artemis/blob/main/artemis-server/src/main/java/org/apache/activemq/artemis/core/security/impl/SecurityStoreImpl.java#L158

      The AMQ-SSO integration should be enhanced to avoid serious problems caused by a slow authentication provider.

            gaohoward Howard Gao
            rhn-support-tywickra Tyronne Wickramarathne
            Votes:
            1 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated: