In my use case, there are:
- Many user (around 70K) (imported from active directory)
- Many groups (around 25K) (imported from active directory)
Some senior/super users are associated with many groups (say 200 groups).
Currently, we hit the issue that, when user login keycloak and the users/groups/roles not already loaded into the internal infinispan cache (or being evicted), the user take several seconds to several minutes for login. This is due to keycloak firing many SQL to retrieve the group/role information (1 group/roles 1 SQL).
It seems this is due to the following bugs:
- [KEYCLOAK-19230] Calling getTopLevelGroups is slow inside GroupLDAPStorageMapper#getLDAPGroupMappingsConverted - Red Hat Issue Tracker
- [KEYCLOAK-17349] Performance issue with large number of LDAP groups - Red Hat Issue Tracker
While it seems keycloak team will not fix the bug in near future, i want to seek for your advice for any workaround (or even suggest way for code to fix it) ? Spending minutes on the login flow is not acceptable by users…