Bottleneck when using auth/admin/realms/myrealm/users in my app

I am running a script which requests the master token before requesting the list of users for a realm. I perform this request in a tight loop 100 times and output the time it takes to perform the "auth/admin/realms/mine/users?first=0&max=1000" request.

When testing with a locally installed keycloak docker, a single request is taking 4.0 seconds. If I run 5 instances of this script at the same time, a single request takes around 10 seconds.
And if I run 10 instances, it jumps to 20 seconds before a reply is received.

  • docker push of a 1.2 GB image
  • How to access local file when building from Dockerfile?
  • docker entrypoint running bash script gets “permission denied”
  • How to setting Core file size in Docker container?
  • fig invalid repository name error
  • docker-compose v2 named volumes and volumes on host
  • Therefore, I have a serious bottleneck in my webapp on the page where I list all user information and was wondering how I might go about solving this problem.

    I am running keycloak 2.5.0.Final. My java home is /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64/jre. authorizationPersister = jpa.

    My script:

    import requests
    
    keyCloakUrl = "http://foo.bar"
    
    for i in range(100):
    
        session = requests.Session()
        r = session.post(
            keyCloakUrl +"auth/realms/master/protocol/openid-connect/token", 
            data={
                "grant_type":"password",
                "client_id":"admin-cli",
                "username":"admin",
                "password":"admin"
            }
        )
        master_token = json.loads(r.content)['access_token']
    
        r = s.get(
            keyCloakUrl + "auth/admin/realms/mine/users?first=0&max=1000",
            headers={'Authorization':'Bearer '+master_token}
        )
        print(r.elapsed.total_seconds())
    

    My dockerfile:

    FROM jboss/keycloak-mysql:2.5.0.Final
    
    ARG db2
    
    ADD deps/ /opt/jboss/keycloak/
    RUN /opt/jboss/keycloak/import_utbud_realm.sh 
    
    CMD ["-b", "0.0.0.0", "-bmanagement", "0.0.0.0", "-Djboss.socket.binding.port-offset=2"]
    

    UPDATE

    I also tried measuring the time for the “auth/realms/master/protocol/openid-connect/token” request. This is 0.1 seconds per request with only one instance of the script running and 0.8 seconds with 10 instances running.

  • Load TensorFlow weights on docker container
  • Docker: How to use redirect (command >> file.txt) from CMD[]?
  • Running docker container : iptables: No chain/target/match by that name
  • “docker images” command doesn't show correct size
  • Sed cannot find file while building Docker image
  • Docker Node.js Cron
  • One Solution collect form web for “Bottleneck when using auth/admin/realms/myrealm/users in my app”

    Maybe it is a silly observation, but did you try to increase you JVM heap in your docker configs? Like:

    CMD java -XX:+PrintFlagsFinal -XX:+PrintGCDetails $JAVA_OPTIONS -jar java-container.jar
    

    There is a fantastic blog that explain the memory issue with the JVM and docker here

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.