Is there a maximum number of active sessions per Realm Client?


Edward Njango

May 3, 2021, 7:46:26 AM
to Keycloak User
Hello,
I would like to know if there is a limit on the number of active sessions per client?
Actually I have a client with 1000 active sessions; I want to know if my Keycloak server can handle more?

Do you have any recommendations / best practices for realm client configuration?

Sincerely,

Edward.

benjam...@gmail.com

May 4, 2021, 9:49:49 AM
to Keycloak User
Recently we ran into a case where a misconfigured API user created some 40000 active sessions in a short time (that remained open). Signs of strain were showing from around 15000 sessions onwards, when Infinispan began timing out (distributed cache config) and Keycloak began crashing (Java heap space out of memory). I think it's more to do with the memory/heap size at runtime - double-check the Total Memory under Server Info on the admin console. If you are running Keycloak in a Docker container, note that the standard Keycloak image has a hard-coded -Xmx512m (512MB max heap size). We overrode it by passing in JAVA_OPTS="-XX:+UseContainerSupport -XX:InitialRAMPercentage=10 -XX:MaxRAMPercentage=90" (you cannot use JAVA_OPTS_APPEND because -Xmx will supersede the use of -XX:MaxRAMPercentage). Also, we have added into our custom Event Listener that, on LOGIN events, if a user is found with more than, say, 1000 active sessions open, it would automatically remove the oldest 200.
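
The LOGIN-time session cap described in the post above, as an added example that is not the poster's code: a Keycloak event listener that removes a user's 200 oldest sessions once more than 1000 exist. The class and package names are hypothetical, the provider factory that registers the listener is assumed to exist elsewhere, and the calls follow the stream-based session API of recent Keycloak releases (older versions use different signatures).

```java
package example.sessioncap; // hypothetical package name

import java.util.Comparator;
import java.util.List;
import java.util.stream.Collectors;
import org.keycloak.events.Event;
import org.keycloak.events.EventListenerProvider;
import org.keycloak.events.EventType;
import org.keycloak.events.admin.AdminEvent;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;

/** Hypothetical listener: caps sessions per user on LOGIN, evicting the oldest. */
public class SessionCapEventListener implements EventListenerProvider {
    private static final int MAX_SESSIONS = 1000; // threshold quoted in the post
    private static final int EVICT_COUNT = 200;   // batch size quoted in the post
    private final KeycloakSession session;

    public SessionCapEventListener(KeycloakSession session) {
        this.session = session;
    }

    @Override
    public void onEvent(Event event) {
        if (event.getType() != EventType.LOGIN || event.getUserId() == null) {
            return; // only user logins are counted here
        }
        RealmModel realm = session.realms().getRealm(event.getRealmId());
        if (realm == null) return;
        UserModel user = session.users().getUserById(realm, event.getUserId());
        if (user == null) return;
        // Collect into a list first so removal does not mutate a live stream.
        List<UserSessionModel> sessions = session.sessions()
                .getUserSessionsStream(realm, user)
                .sorted(Comparator.comparingInt(UserSessionModel::getStarted))
                .collect(Collectors.toList());
        if (sessions.size() <= MAX_SESSIONS) return;
        // Sorted by start time ascending, so the first EVICT_COUNT are the oldest.
        sessions.stream().limit(EVICT_COUNT)
                .forEach(s -> session.sessions().removeUserSession(realm, s));
    }

    @Override
    public void onEvent(AdminEvent event, boolean includeRepresentation) { }

    @Override
    public void close() { }
}
```

Client-credentials grants are recorded as CLIENT_LOGIN events rather than LOGIN, so a deployment where service accounts create the sessions would need to match that event type as well.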

Pedro Igor Craveiro e Silva

May 4, 2021, 10:44:36 AM
to benjam...@gmail.com, Keycloak User
Hi,

Out of curiosity, are those sessions created when doing client credentials?


benjam...@gmail.com

May 4, 2021, 11:37:10 AM
to Keycloak User
For us, client credentials are enabled; the sessions are those that we could see via session.sessions().getActiveClientSessionStats(realm, false).