Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-886 LDAP enhancements
  3. KEYCLOAK-838

Many calls to LDAP during user authentication

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 1.1.0.Beta1
    • Fix Version/s: 1.3.1.Final
    • Component/s: None
    • Labels:
      None

      Description

      Right now, there are around 10 calls to LDAP during single HTTP request for user authentication.

      Problem is that LDAP (UserFederation in general) doesn't suffer from the model cache and each call to UserFederationManager methods like:

      • getUserByUsername
      • getUserByEmail
      • getUserById
        performs call to LDAP. One possibility is to improve at Keycloak level (like at least some per request cache of "isValid" result, or have possibility to configure if "isValid" checks should be performed or not).

      Also it can help to have some caching layer at picketlink level (however this helps just with LDAPUserFederationProvider but not with custom providers provided by Keycloak users)

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  mposolda Marek Posolda
                  Reporter:
                  mposolda Marek Posolda
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: