Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-8840

Every policy enforcement call results in an unique service account session

    Details

    • Type: Enhancement
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Out of Date
    • Affects Version/s: 4.5.0.Final
    • Fix Version/s: 4.6.0.Final
    • Component/s: Authorization Services
    • Labels:
      None
    • Environment:

      stock Keycloak docker image

    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      We do use Policy Enforcement on several endpoints which tend to have 6 figure hits during a workday. We notices that for every Service Account call in:

      org.keycloak.adapters.authorization.KeycloakAdapterPolicyEnforcer.requestAuthorizationToken:166
      

      when the claims get send to Keycloak for Policy validation a new session is created. I guess Pedro Igor did mentioned that in 2017 here. But we don't know for sure, if this is behaviour which we trigger due to wrong configuration or if this is sub par implementation (for our usecase).

      we fear if we extend the usage on methods which get even more traffic this will lead to a high workload on the infinispan caches and db?

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                pcraveiro Pedro Igor Silva
                Reporter:
                ataraxus Anton G.
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: