Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-14329

[Client performance] Client REST API performance when creating client with serviceaccount enabled

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 9.0.3, 10.0.1
    • Fix Version/s: 12.0.0
    • Component/s: Admin - REST API
    • Labels:
      None
    • Sprint:
      Keycloak Sprint 42, Keycloak Sprint 43, Keycloak Sprint 44
    • Steps to Reproduce:
      Hide

      Running on local machine (i7, 64GB RAM, SSD) within docker

      Download and execute run.sh. The script assumes Fedora with these packages installed: podman podman-compose xmlstarlet

      run.sh will download all the other attachments on this issue and start up a containerized reproduction environment. You should see in the log output from the script that the 1000 extra users at the end take an inordinate amount of time to add, about 30 minutes.

      Show
      Running on local machine (i7, 64GB RAM, SSD) within docker Download and execute run.sh. The script assumes Fedora with these packages installed: podman podman-compose xmlstarlet run.sh will download all the other attachments on this issue and start up a containerized reproduction environment. You should see in the log output from the script that the 1000 extra users at the end take an inordinate amount of time to add, about 30 minutes.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      We have more than 10k customers. Each customer has few stores (physical location). This store has some machines that are doing reports to our systems. There's no user interaction, really just machine to machine communication so for this we decided to use confidential clients with only service account enabled. It's up to the customer whether s/he decides to create client for each store or one client for all stores. With the given numbers we are reaching current limitation of clients implementation.

      I'm creating clients through REST API.
      Each client is created with following data:

      {
          "attributes": {},
          "bearerOnly": false,
          "clientAuthenticatorType": "client-secret",
          "secret":"{{client-secret}}",
          "clientId": "{{client-id}}",
          "directAccessGrantsEnabled": false,
          "enabled": true,
          "implicitFlowEnabled": false,
          "name": "{{client-name}}",
          "protocol": "openid-connect",
          "publicClient": false,
          "redirectUris": [],
          "serviceAccountsEnabled": true,
          "standardFlowEnabled": false
      }
      

      Also user creation is broken (takes ~50 seconds) when there's ~10k of clients with service accounts.

        Gliffy Diagrams

          Attachments

          1. DF-Test-Keycloak-Create-Users.jmx
            41 kB
          2. kc14329-compose.yaml
            0.9 kB
          3. realm-df-client.json
            65 kB
          4. run.sh
            2 kB

            Issue Links

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  bilaak Lukáš Vasek
                • Votes:
                  2 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated: