We do use Policy Enforcement on several endpoints which tend to have 6 figure hits during a workday. We notices that for every Service Account call in:
when the claims get send to Keycloak for Policy validation a new session is created. I guess Pedro Igor did mentioned that in 2017 here. But we don't know for sure, if this is behaviour which we trigger due to wrong configuration or if this is sub par implementation (for our usecase).
we fear if we extend the usage on methods which get even more traffic this will lead to a high workload on the infinispan caches and db?