Performance Degradation from Keycloak Version 22.0.3 to Keycloak 23.0.X #28222
Labels
area/core
kind/bug
Categorizes a PR related to a bug
status/auto-expire
status/expired-by-bot
team/cross-dc
Before reporting an issue
Area
core
Describe the bug
Hello !
We are writing to seek your assistance regarding performance issues encountered after upgrading our Java Spring Boot microservices architecture application from Keycloak version 22.0.3 to 23.0.X.
Before each production deployment, we are launching performance testing using Jmeter. Previously, during our performance testing, we were able to generate approximately 360,000 Keycloak tokens within one hour. However, since migrating to Keycloak 23.0.X, we have observed a significant decrease in performance, with only around 180,000 tokens generated within the same time frame.
Further analysis through performance profiling has revealed that the latency on the Keycloak side has notably increased since the upgrade to Keycloak 23.0.X.
Figure 1 : % of time spent during our performance testing
Figure 2 : Latency during another performance testing
To gain further insights into the performance degradation, we conducted additional testing without our architectural layer. Using this script (https://github.com/opfab/keycloak-perf/blob/main/test.sh) on our local machines with Docker, we installed Keycloak 22.0.3 and Keycloak 23.0.X separately. The results of these tests closely mirror our real-world observations : under Keycloak 22.0.3, we were able to generate 10,000 tokens in approximately 14 minutes, whereas under Keycloak 23.0.X, it took around 25 minutes to achieve the same result.
We ultimately decided to install Keycloak 24.0.1 on our local machines, hopeful that it would resolve our issue. Considering the significant changes in password hashing intervals introduced in Keycloak 24, we adjusted our password hashing policy like this :
After that, we launched the same test as before and observed that the performance remained consistent with the tests conducted on Keycloak 23.0.X.
These findings provide compelling evidence that the performance issues we are encountering are directly associated with an upgrade introduced in Keycloak 23.0.X. Unfortunately, there's no errors in our server log, just latency.
Given the critical role of Keycloak in our authentication and authorization processes within our microservices architecture, resolving these performance issues promptly is crucial to maintaining our system's reliability and scalability.
We kindly request your expertise and guidance in identifying the root cause of these performance discrepancies and implementing any necessary optimizations or configurations to restore our system's performance to previous levels.
Version
23.0.7
Regression
Expected behavior
Approximately the same performance / number of access token generated with Keycloak 23.0.X than Keycloak 22.0.3.
Actual behavior
Since migrating to Keycloak 23.0.X (we tried Keycloak 23.0.0, then 23.0.1, then 23.0.2 and finally 23.0.7), there's a significant decrease in performance. (high latency and low number of access token generated)
How to Reproduce?
Generate a large number of access token (>100k) with the following script on a Keycloak 22.0.3 then on a Keycloak version >= 23.0.0
https://github.com/opfab/keycloak-perf
Anything else?
No response
The text was updated successfully, but these errors were encountered: