Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-1268

Token for admin becomes to large with many realms

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 3.2.0.CR1
    • 1.2.0.CR1
    • None
    • None
    • Hide

      Bearer token sample with 10 realms:

      eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJiMjRkYWI0My0wMzFiLTQ4NmYtYmNkNC1iZDhhY2RkMjVjNzQiLCJleHAiOjE0MzA4MjgxMjQsIm5iZiI6MCwiaWF0IjoxNDMwODI4MDY0LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvbWFzdGVyIiwiYXVkIjoicmVnaXN0cmF0aW9uIiwic3ViIjoiZjI5YjA1YTUtNWQzZi00NzZiLWEyNDktNzJmYTc0ZjQxODQwIiwiYXpwIjoicmVnaXN0cmF0aW9uIiwic2Vzc2lvbl9zdGF0ZSI6ImIxMGY5N2ZmLTFkZGQtNGJlOS05NDc2LTQ5YmRhYjZmNjBlOCIsImNsaWVudF9zZXNzaW9uIjoiYWJiZTE5YjItYmM5Ny00MjVjLWE0ODktOTE2YzI2Y2Q5MzJmIiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImNyZWF0ZS1yZWFsbSIsImFkbWluIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsidDAwMDEwLXJlYWxtIjp7InJvbGVzIjpbInZpZXctcmVhbG0iLCJtYW5hZ2UtZXZlbnRzIiwidmlldy1pZGVudGl0eS1wcm92aWRlcnMiLCJtYW5hZ2UtcmVhbG0iLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1ldmVudHMiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sInQwMDAwNi1yZWFsbSI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwibWFuYWdlLWV2ZW50cyIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctZXZlbnRzIiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGllbnRzIl19LCJ0MDAwMDgtcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1yZWFsbSIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJ2aWV3LWV2ZW50cyIsIm1hbmFnZS11c2VycyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtY2xpZW50cyJdfSwidDAwMDAyLXJlYWxtIjp7InJvbGVzIjpbIm1hbmFnZS1ldmVudHMiLCJ2aWV3LXJlYWxtIiwidmlldy1pZGVudGl0eS1wcm92aWRlcnMiLCJtYW5hZ2UtcmVhbG0iLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1ldmVudHMiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sInQwMDAwNy1yZWFsbSI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwibWFuYWdlLWV2ZW50cyIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctZXZlbnRzIiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGllbnRzIl19LCJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1yZWFsbSIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJ2aWV3LWV2ZW50cyIsIm1hbmFnZS11c2VycyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtY2xpZW50cyJdfSwidDAwMDA5LXJlYWxtIjp7InJvbGVzIjpbInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJtYW5hZ2UtcmVhbG0iLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1ldmVudHMiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sInQwMDAwMy1yZWFsbSI6eyJyb2xlcyI6WyJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctcmVhbG0iLCJtYW5hZ2UtZXZlbnRzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctZXZlbnRzIiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGllbnRzIl19LCJ0MDAwMDQtcmVhbG0iOnsicm9sZXMiOlsidmlldy1pZGVudGl0eS1wcm92aWRlcnMiLCJtYW5hZ2UtZXZlbnRzIiwidmlldy1yZWFsbSIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJ2aWV3LWV2ZW50cyIsIm1hbmFnZS11c2VycyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtY2xpZW50cyJdfSwidDAwMDExLXJlYWxtIjp7InJvbGVzIjpbInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJtYW5hZ2UtcmVhbG0iLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1ldmVudHMiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sInQwMDAwMS1yZWFsbSI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwibWFuYWdlLWV2ZW50cyIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctZXZlbnRzIiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGllbnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19LCJ0MDAwMDUtcmVhbG0iOnsicm9sZXMiOlsidmlldy1yZWFsbSIsIm1hbmFnZS1ldmVudHMiLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJ2aWV3LWV2ZW50cyIsIm1hbmFnZS11c2VycyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtY2xpZW50cyJdfX0sIm5hbWUiOiIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJyZWdpc3RyYXRpb24ifQ.IKTmpZGTQvEX5g4Ed2YXWKGCyLC5FGYNmVVEHkc-6sFN-9FXFeu375PI70gp1EOYAENu12Dew7ziIkrrPNGpfRoSZieCcXhPLGwKvMqCKxmm0Tp_4oXxQ6QsB94OU1ovHhKRdUtZ7075ju8tngDuom5SWkeOVMOqzFDkdK6VAhXJ91FllZy_ejRCK6G0bKo28ML2whUQHJgFOCPtwACk0tLZehabNdDnf47wfXWk1vm5xSIuz_uodkQba6UHNSlsr3TQhOaLHBJP7e7MgZXKc1UTUDIRy36zsdRUHlScIwQhnfNKc9bFdvACTYxeN62Arh15JefIPLoEKPAx4jQ

      Show
      Bearer token sample with 10 realms: eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJiMjRkYWI0My0wMzFiLTQ4NmYtYmNkNC1iZDhhY2RkMjVjNzQiLCJleHAiOjE0MzA4MjgxMjQsIm5iZiI6MCwiaWF0IjoxNDMwODI4MDY0LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvbWFzdGVyIiwiYXVkIjoicmVnaXN0cmF0aW9uIiwic3ViIjoiZjI5YjA1YTUtNWQzZi00NzZiLWEyNDktNzJmYTc0ZjQxODQwIiwiYXpwIjoicmVnaXN0cmF0aW9uIiwic2Vzc2lvbl9zdGF0ZSI6ImIxMGY5N2ZmLTFkZGQtNGJlOS05NDc2LTQ5YmRhYjZmNjBlOCIsImNsaWVudF9zZXNzaW9uIjoiYWJiZTE5YjItYmM5Ny00MjVjLWE0ODktOTE2YzI2Y2Q5MzJmIiwiYWxsb3dlZC1vcmlnaW5zIjpbXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImNyZWF0ZS1yZWFsbSIsImFkbWluIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsidDAwMDEwLXJlYWxtIjp7InJvbGVzIjpbInZpZXctcmVhbG0iLCJtYW5hZ2UtZXZlbnRzIiwidmlldy1pZGVudGl0eS1wcm92aWRlcnMiLCJtYW5hZ2UtcmVhbG0iLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1ldmVudHMiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sInQwMDAwNi1yZWFsbSI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwibWFuYWdlLWV2ZW50cyIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctZXZlbnRzIiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGllbnRzIl19LCJ0MDAwMDgtcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1yZWFsbSIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJ2aWV3LWV2ZW50cyIsIm1hbmFnZS11c2VycyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtY2xpZW50cyJdfSwidDAwMDAyLXJlYWxtIjp7InJvbGVzIjpbIm1hbmFnZS1ldmVudHMiLCJ2aWV3LXJlYWxtIiwidmlldy1pZGVudGl0eS1wcm92aWRlcnMiLCJtYW5hZ2UtcmVhbG0iLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1ldmVudHMiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sInQwMDAwNy1yZWFsbSI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwibWFuYWdlLWV2ZW50cyIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctZXZlbnRzIiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGllbnRzIl19LCJtYXN0ZXItcmVhbG0iOnsicm9sZXMiOlsibWFuYWdlLWV2ZW50cyIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1yZWFsbSIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJ2aWV3LWV2ZW50cyIsIm1hbmFnZS11c2VycyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtY2xpZW50cyJdfSwidDAwMDA5LXJlYWxtIjp7InJvbGVzIjpbInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJtYW5hZ2UtcmVhbG0iLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1ldmVudHMiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sInQwMDAwMy1yZWFsbSI6eyJyb2xlcyI6WyJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctcmVhbG0iLCJtYW5hZ2UtZXZlbnRzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctZXZlbnRzIiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGllbnRzIl19LCJ0MDAwMDQtcmVhbG0iOnsicm9sZXMiOlsidmlldy1pZGVudGl0eS1wcm92aWRlcnMiLCJtYW5hZ2UtZXZlbnRzIiwidmlldy1yZWFsbSIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJ2aWV3LWV2ZW50cyIsIm1hbmFnZS11c2VycyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtY2xpZW50cyJdfSwidDAwMDExLXJlYWxtIjp7InJvbGVzIjpbInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLWV2ZW50cyIsInZpZXctcmVhbG0iLCJtYW5hZ2UtcmVhbG0iLCJtYW5hZ2UtaWRlbnRpdHktcHJvdmlkZXJzIiwidmlldy1ldmVudHMiLCJtYW5hZ2UtdXNlcnMiLCJ2aWV3LXVzZXJzIiwidmlldy1jbGllbnRzIiwibWFuYWdlLWNsaWVudHMiXX0sInQwMDAwMS1yZWFsbSI6eyJyb2xlcyI6WyJ2aWV3LXJlYWxtIiwibWFuYWdlLWV2ZW50cyIsInZpZXctaWRlbnRpdHktcHJvdmlkZXJzIiwibWFuYWdlLXJlYWxtIiwibWFuYWdlLWlkZW50aXR5LXByb3ZpZGVycyIsInZpZXctZXZlbnRzIiwibWFuYWdlLXVzZXJzIiwidmlldy11c2VycyIsInZpZXctY2xpZW50cyIsIm1hbmFnZS1jbGllbnRzIl19LCJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50Iiwidmlldy1wcm9maWxlIl19LCJ0MDAwMDUtcmVhbG0iOnsicm9sZXMiOlsidmlldy1yZWFsbSIsIm1hbmFnZS1ldmVudHMiLCJ2aWV3LWlkZW50aXR5LXByb3ZpZGVycyIsIm1hbmFnZS1yZWFsbSIsIm1hbmFnZS1pZGVudGl0eS1wcm92aWRlcnMiLCJ2aWV3LWV2ZW50cyIsIm1hbmFnZS11c2VycyIsInZpZXctdXNlcnMiLCJ2aWV3LWNsaWVudHMiLCJtYW5hZ2UtY2xpZW50cyJdfX0sIm5hbWUiOiIiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJyZWdpc3RyYXRpb24ifQ.IKTmpZGTQvEX5g4Ed2YXWKGCyLC5FGYNmVVEHkc-6sFN-9FXFeu375PI70gp1EOYAENu12Dew7ziIkrrPNGpfRoSZieCcXhPLGwKvMqCKxmm0Tp_4oXxQ6QsB94OU1ovHhKRdUtZ7075ju8tngDuom5SWkeOVMOqzFDkdK6VAhXJ91FllZy_ejRCK6G0bKo28ML2whUQHJgFOCPtwACk0tLZehabNdDnf47wfXWk1vm5xSIuz_uodkQba6UHNSlsr3TQhOaLHBJP7e7MgZXKc1UTUDIRy36zsdRUHlScIwQhnfNKc9bFdvACTYxeN62Arh15JefIPLoEKPAx4jQ
    • ASSIGNED

    Description

      I have a big problem here because of bearer token size.

      I'm using keycloak within a SaaS application, so I need create alot of realms.

      After 20 realms created, the bearer token issued for master admin user has more than 8kb.

      It's huge for a single header and Apache limits headers upto 8kb.

      With 1000 realms, the bearer token of master admin user will have 400kb.

      It'll be impossible to use keycloak in production, it occurs because "resource_access" property has all realms with all possible roles.

      I think we can prevent that problem not issuing "resource_access" to a user with "admin" role in master realm.

      Another approach is storing "resource_access" state in the server side, which will improve network performance alot.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. KEYCLOAK-3067 Size of a request header field exceeds server limit

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. KEYCLOAK-3442 whoami and bearer token

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Enhancement - An enhancement or refactoring of existing functionality KEYCLOAK-4593 Support having large number of realms

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Plan

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: KEYCLOAK

              People

                patriot1burke@gmail.com Bill Burke (Inactive)
                pangalz@gmail.com Leonardo Zanivan (Inactive)
                Mark True Mark True (Inactive)
                Votes:
                7 Vote for this issue
                Watchers:
                13 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: