Cannot display 'Authentication Flows' screen when a realm contains more than ~4000 clients #21010
Comments
https://github.com/Cosium/keycloak-issue-21010 shows how to reproduce the issue
Noting that it also appears if you were to have a high number of identity providers configured you would hit a similar issue, though that may be a more rare case for folks, it is still going to lead to a scaling issue.
…re than ~4000 clients (keycloak#21058) closes keycloak#21010 Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com>
…re than ~4000 clients (keycloak#21058) closes keycloak#21010 Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com> Signed-off-by: Kamontat Chantrachirathumrong <14089557+kamontat@users.noreply.github.com>
…re than ~4000 clients (keycloak#21058) closes keycloak#21010 Signed-off-by: Réda Housni Alaoui <reda-alaoui@hey.com> (cherry picked from commit 3f014c7)
Hi @mposolda. I have verified this is fixed on Keycloak 23.0.4. We are actually using Red Hat Build for Keycloak 22.0.6. Is this fix already back-ported to Keycloak 22.0.9 (per the added label yesterday)?
Area
storage
Describe the bug
One of our realms contains 8754 clients.
On this realm, we are unable to display the Authentication/Flows screen.
Version
21.1.1
Expected behavior
The Authentication/Flows screen should be usable even when the database contains many clients.
Actual behavior
When accessing Authentication/Flows, the HTTP request on https://identity-test.cosium.com/auth/admin/realms/general/ui-ext/authentication-management/flows hangs for 5 minutes then fails with a 500 error.
On the server side, we see that the request has been killed by the TransactionReaper.
How to Reproduce?
Create a realm holding ~4000 clients, then try to load the authentication flows screen.
Anything else?
Here is the stacktrace that always comes up from thread dumps made while the request is hanging:
According to my investigation, the request process spends a lot of time in https://github.com/keycloak/keycloak/blob/21.1.1/rest/admin-ui-ext/src/main/java/org/keycloak/admin/ui/rest/model/AuthenticationMapper.java#L35. The MAX_USED_BY==9 limit is useless, because none of our clients overrides the authentication flow.
Keycloak iterates on the full list of clients. Consequently, the full list of clients loads up in the Hibernate 1st level cache, leading to big performance degradation of the Hibernate autoflush process.
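A simplified model of the behaviour described in the report above, added here as an illustration and not taken from Keycloak's code: a filter-then-limit scan only stops early when enough clients match, so a realm where no client overrides the flow is read in full. The `Client` record, the method names and the index are hypothetical; the client count and the limit of 9 come from the report.

```java
import java.util.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.*;

public class UsedByScanDemo {
    // Hypothetical, simplified client: only the flow override matters here.
    record Client(String clientId, Optional<String> overriddenFlowId) {}

    static final int MAX_USED_BY = 9; // limit value quoted in the issue

    // Constructed data: `total` clients, the first `overriding` of which override flowId.
    static List<Client> realm(int total, int overriding, String flowId) {
        return IntStream.range(0, total)
                .mapToObj(i -> new Client("client-" + i,
                        i < overriding ? Optional.of(flowId) : Optional.empty()))
                .collect(Collectors.toList());
    }

    // Filter-then-limit over the client list; returns how many clients were examined.
    // Per the report, each examined client is an entity held in the Hibernate
    // first-level cache for the rest of the transaction.
    static int examinedWithStreamLimit(List<Client> clients, String flowId) {
        AtomicInteger examined = new AtomicInteger();
        clients.stream()
                .peek(c -> examined.incrementAndGet())
                .filter(c -> c.overriddenFlowId().filter(flowId::equals).isPresent())
                .map(Client::clientId)
                .limit(MAX_USED_BY) // short-circuits only once 9 clients have matched
                .collect(Collectors.toList());
        return examined.get();
    }

    // Alternative shape: the store answers "which clients override this flow?" itself.
    // The prebuilt index stands in for a filtered, limited query (an assumption).
    static List<String> usedByViaIndex(Map<String, List<String>> index, String flowId) {
        return index.getOrDefault(flowId, List.of()).stream()
                .limit(MAX_USED_BY).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        String flow = "browser"; // constructed flow id
        System.out.println("no overrides: examined " + examinedWithStreamLimit(realm(8754, 0, flow), flow));
        System.out.println("20 overrides: examined " + examinedWithStreamLimit(realm(8754, 20, flow), flow));
        Map<String, List<String>> index = realm(8754, 0, flow).stream()
                .filter(c -> c.overriddenFlowId().isPresent())
                .collect(Collectors.groupingBy(c -> c.overriddenFlowId().get(),
                        Collectors.mapping(Client::clientId, Collectors.toList())));
        System.out.println("indexed lookup returned " + usedByViaIndex(index, flow).size() + " ids");
    }
}
```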