Config update is very slow when there are 1000s of clients #1104
Comments
erwin1
changed the title
|
Hi @erwin1, I've observed the same latency issue in updating the config across multiple clients—it’s indeed slow. While excluding certain clients is an option, it risks potential issues like incomplete or I explored a selective export approach, but it’s not feasible at scale. Manually specifying thousands of client IDs in the config is both tedious and unscalable, especially in large environments. It seems we’ll need to explore more efficient methods to handle this issue effectively probably Allowing users to specify patterns for excluding or including clients, rather than listing individual client IDs.. |
|
Quick update: the work-around in our case was simply to make sure nothing client related existed in the new config file(s). In that case keycloak-config-cli automatically excludes the full client export, which is nice. I think the real solution is to improve the client export at the Keycloak side. |
It seems appropriate to close this issue while we await enhancements from Keycloak, @erwin1? |
Problem Statement
Use-case:
Running keycloak-config-cli against a Keycloak instance with 1000s of clients is very slow (5+ minutes) because a partialExport including clients is run at the start.
https://github.com/adorsys/keycloak-config-cli/blob/main/src/main/java/de/adorsys/keycloak/config/service/ScopeMappingImportService.java#L68
Proposed Solution
Not sure if this would break other things, but for this use-case it would make sense to be able to exclude clients so they don't need to get exported.
Or maybe there are other work-arounds that could be used here?
Environment
Additional information
No response
Acceptance Criteria
No response
The text was updated successfully, but these errors were encountered: