Increase threads in keycloak
279 views
Skip to first unread message
Shourya Rastogi
May 19, 2021, 8:55:14 AM5/19/21
to Keycloak User
Hi Community,
I have been using keycloak but not able to find the place where I can set the number of threads, number of connections, database connections. It would be really great if someone can suggest.
Current keycloak version - 12
Running keycloak in standalone cluster mode
I have been using keycloak but not able to find the place where I can set the number of threads, number of connections, database connections. It would be really great if someone can suggest.
Current keycloak version - 12
Running keycloak in standalone cluster mode
<?xml version='1.0' encoding='UTF-8'?>
<server xmlns="urn:jboss:domain:14.0">
<extensions>
<extension module="org.jboss.as.clustering.infinispan" />
<extension module="org.jboss.as.clustering.jgroups" />
<extension module="org.jboss.as.connector" />
<extension module="org.jboss.as.deployment-scanner" />
<extension module="org.jboss.as.ee" />
<extension module="org.jboss.as.ejb3" />
<extension module="org.jboss.as.jaxrs" />
<extension module="org.jboss.as.jmx" />
<extension module="org.jboss.as.jpa" />
<extension module="org.jboss.as.logging" />
<extension module="org.jboss.as.mail" />
<extension module="org.jboss.as.modcluster" />
<extension module="org.jboss.as.naming" />
<extension module="org.jboss.as.remoting" />
<extension module="org.jboss.as.security" />
<extension module="org.jboss.as.transactions" />
<extension module="org.jboss.as.weld" />
<extension module="org.keycloak.keycloak-server-subsystem" />
<extension module="org.wildfly.extension.bean-validation" />
<extension module="org.wildfly.extension.core-management" />
<extension module="org.wildfly.extension.elytron" />
<extension module="org.wildfly.extension.io" />
<extension module="org.wildfly.extension.microprofile.config-smallrye" />
<extension module="org.wildfly.extension.microprofile.health-smallrye" />
<extension module="org.wildfly.extension.microprofile.metrics-smallrye" />
<extension module="org.wildfly.extension.request-controller" />
<extension module="org.wildfly.extension.security.manager" />
<extension module="org.wildfly.extension.undertow" />
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true" />
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" />
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir" />
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost" />
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true" />
<properties path="application-users.properties" relative-to="jboss.server.config.dir" />
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.server.config.dir" />
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter" />
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir" />
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="file" />
</handlers>
</logger>
</audit-log>
<management-interfaces>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket-binding http="management-http" />
</http-interface>
</management-interfaces>
<access-control provider="simple">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local" />
</include>
</role>
</role-mapping>
</access-control>
</management>
<profile>
<subsystem xmlns="urn:jboss:domain:logging:8.0">
<console-handler name="CONSOLE">
<level name="INFO" />
<formatter>
<named-formatter name="COLOR-PATTERN" />
</formatter>
</console-handler>
<periodic-rotating-file-handler name="FILE" autoflush="true">
<formatter>
<named-formatter name="PATTERN" />
</formatter>
<file relative-to="jboss.server.log.dir" path="server.log" />
<suffix value=".yyyy-MM-dd" />
<append value="true" />
</periodic-rotating-file-handler>
<logger category="com.arjuna">
<level name="WARN" />
</logger>
<logger category="io.jaegertracing.Configuration">
<level name="WARN" />
</logger>
<logger category="org.jboss.as.config">
<level name="DEBUG" />
</logger>
<logger category="sun.rmi">
<level name="WARN" />
</logger>
<root-logger>
<level name="INFO" />
<handlers>
<handler name="CONSOLE" />
<handler name="FILE" />
</handlers>
</root-logger>
<formatter name="PATTERN">
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n" />
</formatter>
<formatter name="COLOR-PATTERN">
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n" />
</formatter>
</subsystem>
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0" />
<subsystem xmlns="urn:jboss:domain:core-management:1.0" />
<subsystem xmlns="urn:jboss:domain:datasources:6.0">
<datasources>
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:ee:5.0">
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
<concurrent>
<context-services>
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true" />
</context-services>
<managed-thread-factories>
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default" />
</managed-thread-factories>
<managed-executor-services>
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000" />
</managed-executor-services>
<managed-scheduled-executor-services>
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000" />
</managed-scheduled-executor-services>
</concurrent>
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:ejb3:8.0">
<session-bean>
<stateless>
<bean-instance-pool-ref pool-name="slsb-strict-max-pool" />
</stateless>
<stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple" />
<singleton default-access-timeout="5000" />
</session-bean>
<pools>
<bean-instance-pools>
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES" />
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES" />
</bean-instance-pools>
</pools>
<caches>
<cache name="simple" />
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered" />
</caches>
<passivation-stores>
<passivation-store name="infinispan" cache-container="ejb" max-size="10000" />
</passivation-stores>
<async thread-pool-name="default" />
<timer-service thread-pool-name="default" default-data-store="default-file-store">
<data-stores>
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir" />
</data-stores>
</timer-service>
<remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
<channel-creation-options>
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting" />
</channel-creation-options>
</remote>
<thread-pools>
<thread-pool name="default">
<max-threads count="10" />
<keepalive-time time="60" unit="seconds" />
</thread-pool>
</thread-pools>
<default-security-domain value="other" />
<default-missing-method-permissions-deny-access value="true" />
<statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}" />
<log-system-exceptions value="true" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:io:3.0">
<worker name="default" />
<buffer-pool name="default" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:infinispan:11.0">
<cache-container name="keycloak" module="org.keycloak.keycloak-model-infinispan">
<transport lock-timeout="60000" />
<local-cache name="realms">
<heap-memory size="10000" />
</local-cache>
<local-cache name="users">
<heap-memory size="10000" />
</local-cache>
<distributed-cache name="authenticationSessions" owners="1" />
<distributed-cache name="sessions" owners="1">
<remote-store cache="sessions" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<distributed-cache name="offlineSessions" owners="1">
<remote-store cache="offlineSessions" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<distributed-cache name="clientSessions" owners="1">
<remote-store cache="clientSessions" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<distributed-cache name="offlineClientSessions" owners="1">
<remote-store cache="offlineClientSessions" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<distributed-cache name="loginFailures" owners="1">
<remote-store cache="loginFailures" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<distributed-cache name="actionTokens" owners="2">
<heap-memory size="-1"/>
<expiration max-idle="-1" interval="300000"/>
<remote-store cache="actionTokens" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="true" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<replicated-cache name="work">
<remote-store cache="work" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</replicated-cache>
<local-cache name="authorization">
<heap-memory size="10000" />
</local-cache>
<local-cache name="keys">
<heap-memory size="1000" />
<expiration max-idle="3600000" />
</local-cache>
</cache-container>
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
<transport lock-timeout="60000" />
<replicated-cache name="default">
<transaction mode="BATCH" />
</replicated-cache>
</cache-container>
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
<transport lock-timeout="60000" />
<replicated-cache name="sso">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
</replicated-cache>
<distributed-cache name="dist">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
<file-store />
</distributed-cache>
<distributed-cache name="routing" />
</cache-container>
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
<transport lock-timeout="60000" />
<distributed-cache name="dist">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
<file-store />
</distributed-cache>
</cache-container>
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
<transport lock-timeout="60000" />
<local-cache name="local-query">
<heap-memory size="10000" />
<expiration max-idle="100000" />
</local-cache>
<invalidation-cache name="entity">
<transaction mode="NON_XA" />
<heap-memory size="10000" />
<expiration max-idle="100000" />
</invalidation-cache>
<replicated-cache name="timestamps" />
</cache-container>
</subsystem>
<subsystem xmlns="urn:jboss:domain:jaxrs:2.0" />
<subsystem xmlns="urn:jboss:domain:jca:5.0">
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false" />
<bean-validation enabled="true" />
<default-workmanager>
<short-running-threads>
<core-threads count="50" />
<queue-length count="50" />
<max-threads count="50" />
<keepalive-time time="10" unit="seconds" />
</short-running-threads>
<long-running-threads>
<core-threads count="50" />
<queue-length count="50" />
<max-threads count="50" />
<keepalive-time time="10" unit="seconds" />
</long-running-threads>
</default-workmanager>
<cached-connection-manager />
</subsystem>
<subsystem xmlns="urn:jboss:domain:jgroups:8.0">
<channels default="ee">
<channel name="ee" stack="udp" cluster="ejb" />
</channels>
<stacks>
<stack name="udp">
<transport type="UDP" socket-binding="jgroups-udp" site="site1" />
<protocol type="PING" />
<protocol type="MERGE3" />
<socket-protocol type="FD_SOCK" socket-binding="jgroups-udp-fd" />
<protocol type="FD_ALL" />
<protocol type="VERIFY_SUSPECT" />
<protocol type="pbcast.NAKACK2" />
<protocol type="UNICAST3" />
<protocol type="pbcast.STABLE" />
<protocol type="pbcast.GMS" />
<protocol type="UFC" />
<protocol type="MFC" />
<protocol type="FRAG3" />
</stack>
<stack name="tcp">
<transport type="TCP" socket-binding="jgroups-tcp" />
<socket-protocol type="MPING" socket-binding="jgroups-mping" />
<protocol type="MERGE3" />
<socket-protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd" />
<protocol type="FD_ALL" />
<protocol type="VERIFY_SUSPECT" />
<protocol type="pbcast.NAKACK2" />
<protocol type="UNICAST3" />
<protocol type="pbcast.STABLE" />
<protocol type="pbcast.GMS" />
<protocol type="MFC" />
<protocol type="FRAG3" />
</stack>
</stacks>
</subsystem>
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
<expose-resolved-model />
<expose-expression-model />
<remoting-connector />
</subsystem>
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:mail:4.0">
<mail-session name="default" jndi-name="java:jboss/mail/Default">
<smtp-server outbound-socket-binding-ref="mail-smtp" />
</mail-session>
</subsystem>
<subsystem xmlns="urn:jboss:domain:modcluster:5.0">
<proxy name="default" advertise-socket="modcluster" listener="ajp">
<dynamic-load-provider>
<load-metric type="cpu" />
</dynamic-load-provider>
</proxy>
</subsystem>
<subsystem xmlns="urn:jboss:domain:naming:2.0">
<remote-naming />
</subsystem>
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:request-controller:1.0" />
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
<deployment-permissions>
<maximum-set>
<permission class="java.security.AllPermission" />
</maximum-set>
</deployment-permissions>
</subsystem>
<subsystem xmlns="urn:wildfly:elytron:11.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
<providers>
<aggregate-providers name="combined-providers">
<providers name="elytron" />
<providers name="openssl" />
</aggregate-providers>
<provider-loader name="elytron" module="org.wildfly.security.elytron" />
<provider-loader name="openssl" module="org.wildfly.openssl" />
</providers>
<audit-logging>
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON" />
</audit-logging>
<security-domains>
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
<realm name="ApplicationRealm" role-decoder="groups-to-roles" />
<realm name="local" />
</security-domain>
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
<realm name="ManagementRealm" role-decoder="groups-to-roles" />
<realm name="local" role-mapper="super-user-mapper" />
</security-domain>
</security-domains>
<security-realms>
<identity-realm name="local" identity="$local" />
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm" />
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir" />
</properties-realm>
<properties-realm name="ManagementRealm">
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm" />
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir" />
</properties-realm>
</security-realms>
<mappers>
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
<permission-mapping>
<principal name="anonymous" />
<permission-set name="default-permissions" />
</permission-mapping>
<permission-mapping match-all="true">
<permission-set name="login-permission" />
<permission-set name="default-permissions" />
</permission-mapping>
</simple-permission-mapper>
<constant-realm-mapper name="local" realm-name="local" />
<simple-role-decoder name="groups-to-roles" attribute="groups" />
<constant-role-mapper name="super-user-mapper">
<role name="SuperUser" />
</constant-role-mapper>
</mappers>
<permission-sets>
<permission-set name="login-permission">
<permission class-name="org.wildfly.security.auth.permission.LoginPermission" />
</permission-set>
<permission-set name="default-permissions">
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*" />
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client" />
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client" />
</permission-set>
</permission-sets>
<http>
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
<mechanism-configuration>
<mechanism mechanism-name="DIGEST">
<mechanism-realm realm-name="ManagementRealm" />
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<provider-http-server-mechanism-factory name="global" />
</http>
<sasl>
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local" />
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ApplicationRealm" />
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local" />
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ManagementRealm" />
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
<properties>
<property name="wildfly.sasl.local-user.default-user" value="$local" />
</properties>
</configurable-sasl-server-factory>
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
<filters>
<filter provider-name="WildFlyElytron" />
</filters>
</mechanism-provider-filtering-sasl-server-factory>
<provider-sasl-server-factory name="global" />
</sasl>
</subsystem>
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass" />
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass" />
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required" />
</authorization>
</security-domain>
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional" />
</login-module-stack>
<auth-module code="Dummy" />
</authentication-jaspi>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required" />
</authorization>
</security-domain>
</security-domains>
</subsystem>
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
<core-environment node-identifier="${jboss.tx.node.id:1}">
<process-id>
<uuid />
</process-id>
</core-environment>
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager" />
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}" />
<object-store path="tx-object-store" relative-to="jboss.server.data.dir" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:weld:4.0" />
<subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0" />
<subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}" />
<subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}" />
<subsystem xmlns="urn:jboss:domain:undertow:11.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
<buffer-cache name="default" />
<server name="default-server">
<ajp-listener name="ajp" socket-binding="ajp" />
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" />
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" />
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content" />
<http-invoker security-realm="ApplicationRealm" />
</host>
</server>
<servlet-container name="default">
<jsp-config />
<websockets />
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content" />
</handlers>
</subsystem>
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
<web-context>auth</web-context>
<providers>
<provider>classpath:${jboss.home.dir}/providers/*</provider>
</providers>
<master-realm-name>master</master-realm-name>
<scheduled-task-interval>900</scheduled-task-interval>
<theme>
<staticMaxAge>2592000</staticMaxAge>
<cacheThemes>true</cacheThemes>
<cacheTemplates>true</cacheTemplates>
<dir>${jboss.home.dir}/themes</dir>
</theme>
<spi name="eventsStore">
<provider name="jpa" enabled="true">
<properties>
<property name="exclude-events" value="["REFRESH_TOKEN"]" />
</properties>
</provider>
</spi>
<spi name="userCache">
<provider name="default" enabled="true" />
</spi>
<spi name="userSessionPersister">
<default-provider>jpa</default-provider>
</spi>
<spi name="timer">
<default-provider>basic</default-provider>
</spi>
<spi name="connectionsHttpClient">
<provider name="default" enabled="true" />
</spi>
<spi name="connectionsJpa">
<provider name="default" enabled="true">
<properties>
<property name="dataSource" value="java:jboss/datasources/KeycloakDS" />
<property name="initializeEmpty" value="true" />
<property name="migrationStrategy" value="update" />
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql" />
</properties>
</provider>
</spi>
<spi name="realmCache">
<provider name="default" enabled="true" />
</spi>
<spi name="connectionsInfinispan">
<default-provider>default</default-provider>
<provider name="default" enabled="true">
<properties>
<property name="cacheContainer" value="java:jboss/infinispan/container/keycloak" />
</properties>
</provider>
</spi>
<spi name="jta-lookup">
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
<provider name="jboss" enabled="true" />
</spi>
<spi name="publicKeyStorage">
<provider name="infinispan" enabled="true">
<properties>
<property name="minTimeBetweenRequests" value="10" />
</properties>
</provider>
</spi>
<spi name="x509cert-lookup">
<default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
<provider name="default" enabled="true" />
</spi>
<spi name="hostname">
<default-provider>default</default-provider>
<provider name="default" enabled="true">
<properties>
<property name="frontendUrl" value="${keycloak.frontendUrl:}" />
<property name="forceBackendUrlToFrontendUrl" value="false" />
</properties>
</provider>
</spi>
</subsystem>
</profile>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:0.0.0.0}" />
</interface>
<interface name="private">
<inet-address value="${jboss.bind.address.private:127.0.0.1}" />
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:0.0.0.0}" />
</interface>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="ajp" port="${jboss.ajp.port:8009}" />
<socket-binding name="http" port="${jboss.http.port:8080}" />
<socket-binding name="https" port="${jboss.https.port:8443}" />
<socket-binding name="jgroups-mping" interface="private" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700" />
<socket-binding name="jgroups-tcp" interface="private" port="7600" />
<socket-binding name="jgroups-tcp-fd" interface="private" port="57600" />
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688" />
<socket-binding name="jgroups-udp-fd" interface="private" port="54200" />
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}" />
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}" />
<socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364" />
<socket-binding name="txn-recovery-environment" port="4712" />
<socket-binding name="txn-status-manager" port="4713" />
<outbound-socket-binding name="mail-smtp">
<remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}" />
</outbound-socket-binding>
<outbound-socket-binding name="remote-cache">
<remote-destination host="" />
</outbound-socket-binding>
</socket-binding-group>
</server>
<server xmlns="urn:jboss:domain:14.0">
<extensions>
<extension module="org.jboss.as.clustering.infinispan" />
<extension module="org.jboss.as.clustering.jgroups" />
<extension module="org.jboss.as.connector" />
<extension module="org.jboss.as.deployment-scanner" />
<extension module="org.jboss.as.ee" />
<extension module="org.jboss.as.ejb3" />
<extension module="org.jboss.as.jaxrs" />
<extension module="org.jboss.as.jmx" />
<extension module="org.jboss.as.jpa" />
<extension module="org.jboss.as.logging" />
<extension module="org.jboss.as.mail" />
<extension module="org.jboss.as.modcluster" />
<extension module="org.jboss.as.naming" />
<extension module="org.jboss.as.remoting" />
<extension module="org.jboss.as.security" />
<extension module="org.jboss.as.transactions" />
<extension module="org.jboss.as.weld" />
<extension module="org.keycloak.keycloak-server-subsystem" />
<extension module="org.wildfly.extension.bean-validation" />
<extension module="org.wildfly.extension.core-management" />
<extension module="org.wildfly.extension.elytron" />
<extension module="org.wildfly.extension.io" />
<extension module="org.wildfly.extension.microprofile.config-smallrye" />
<extension module="org.wildfly.extension.microprofile.health-smallrye" />
<extension module="org.wildfly.extension.microprofile.metrics-smallrye" />
<extension module="org.wildfly.extension.request-controller" />
<extension module="org.wildfly.extension.security.manager" />
<extension module="org.wildfly.extension.undertow" />
</extensions>
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<local default-user="$local" skip-group-loading="true" />
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" />
</authentication>
<authorization map-groups-to-roles="false">
<properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir" />
</authorization>
</security-realm>
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost" />
</ssl>
</server-identities>
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true" />
<properties path="application-users.properties" relative-to="jboss.server.config.dir" />
</authentication>
<authorization>
<properties path="application-roles.properties" relative-to="jboss.server.config.dir" />
</authorization>
</security-realm>
</security-realms>
<audit-log>
<formatters>
<json-formatter name="json-formatter" />
</formatters>
<handlers>
<file-handler name="file" formatter="json-formatter" path="audit-log.log" relative-to="jboss.server.data.dir" />
</handlers>
<logger log-boot="true" log-read-only="false" enabled="false">
<handlers>
<handler name="file" />
</handlers>
</logger>
</audit-log>
<management-interfaces>
<http-interface security-realm="ManagementRealm">
<http-upgrade enabled="true" />
<socket-binding http="management-http" />
</http-interface>
</management-interfaces>
<access-control provider="simple">
<role-mapping>
<role name="SuperUser">
<include>
<user name="$local" />
</include>
</role>
</role-mapping>
</access-control>
</management>
<profile>
<subsystem xmlns="urn:jboss:domain:logging:8.0">
<console-handler name="CONSOLE">
<level name="INFO" />
<formatter>
<named-formatter name="COLOR-PATTERN" />
</formatter>
</console-handler>
<periodic-rotating-file-handler name="FILE" autoflush="true">
<formatter>
<named-formatter name="PATTERN" />
</formatter>
<file relative-to="jboss.server.log.dir" path="server.log" />
<suffix value=".yyyy-MM-dd" />
<append value="true" />
</periodic-rotating-file-handler>
<logger category="com.arjuna">
<level name="WARN" />
</logger>
<logger category="io.jaegertracing.Configuration">
<level name="WARN" />
</logger>
<logger category="org.jboss.as.config">
<level name="DEBUG" />
</logger>
<logger category="sun.rmi">
<level name="WARN" />
</logger>
<root-logger>
<level name="INFO" />
<handlers>
<handler name="CONSOLE" />
<handler name="FILE" />
</handlers>
</root-logger>
<formatter name="PATTERN">
<pattern-formatter pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n" />
</formatter>
<formatter name="COLOR-PATTERN">
<pattern-formatter pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n" />
</formatter>
</subsystem>
<subsystem xmlns="urn:jboss:domain:bean-validation:1.0" />
<subsystem xmlns="urn:jboss:domain:core-management:1.0" />
<subsystem xmlns="urn:jboss:domain:datasources:6.0">
<datasources>
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<datasource jndi-name="java:jboss/datasources/KeycloakDS" pool-name="KeycloakDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
<connection-url>jdbc:h2:${jboss.server.data.dir}/keycloak;AUTO_SERVER=TRUE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
<subsystem xmlns="urn:jboss:domain:deployment-scanner:2.0">
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:ee:5.0">
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
<concurrent>
<context-services>
<context-service name="default" jndi-name="java:jboss/ee/concurrency/context/default" use-transaction-setup-provider="true" />
</context-services>
<managed-thread-factories>
<managed-thread-factory name="default" jndi-name="java:jboss/ee/concurrency/factory/default" context-service="default" />
</managed-thread-factories>
<managed-executor-services>
<managed-executor-service name="default" jndi-name="java:jboss/ee/concurrency/executor/default" context-service="default" hung-task-threshold="60000" keepalive-time="5000" />
</managed-executor-services>
<managed-scheduled-executor-services>
<managed-scheduled-executor-service name="default" jndi-name="java:jboss/ee/concurrency/scheduler/default" context-service="default" hung-task-threshold="60000" keepalive-time="3000" />
</managed-scheduled-executor-services>
</concurrent>
<default-bindings context-service="java:jboss/ee/concurrency/context/default" datasource="java:jboss/datasources/ExampleDS" managed-executor-service="java:jboss/ee/concurrency/executor/default" managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default" managed-thread-factory="java:jboss/ee/concurrency/factory/default" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:ejb3:8.0">
<session-bean>
<stateless>
<bean-instance-pool-ref pool-name="slsb-strict-max-pool" />
</stateless>
<stateful default-access-timeout="5000" cache-ref="distributable" passivation-disabled-cache-ref="simple" />
<singleton default-access-timeout="5000" />
</session-bean>
<pools>
<bean-instance-pools>
<strict-max-pool name="mdb-strict-max-pool" derive-size="from-cpu-count" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES" />
<strict-max-pool name="slsb-strict-max-pool" derive-size="from-worker-pools" instance-acquisition-timeout="5" instance-acquisition-timeout-unit="MINUTES" />
</bean-instance-pools>
</pools>
<caches>
<cache name="simple" />
<cache name="distributable" passivation-store-ref="infinispan" aliases="passivating clustered" />
</caches>
<passivation-stores>
<passivation-store name="infinispan" cache-container="ejb" max-size="10000" />
</passivation-stores>
<async thread-pool-name="default" />
<timer-service thread-pool-name="default" default-data-store="default-file-store">
<data-stores>
<file-data-store name="default-file-store" path="timer-service-data" relative-to="jboss.server.data.dir" />
</data-stores>
</timer-service>
<remote cluster="ejb" connectors="http-remoting-connector" thread-pool-name="default">
<channel-creation-options>
<option name="MAX_OUTBOUND_MESSAGES" value="1234" type="remoting" />
</channel-creation-options>
</remote>
<thread-pools>
<thread-pool name="default">
<max-threads count="10" />
<keepalive-time time="60" unit="seconds" />
</thread-pool>
</thread-pools>
<default-security-domain value="other" />
<default-missing-method-permissions-deny-access value="true" />
<statistics enabled="${wildfly.ejb3.statistics-enabled:${wildfly.statistics-enabled:false}}" />
<log-system-exceptions value="true" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:io:3.0">
<worker name="default" />
<buffer-pool name="default" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:infinispan:11.0">
<cache-container name="keycloak" module="org.keycloak.keycloak-model-infinispan">
<transport lock-timeout="60000" />
<local-cache name="realms">
<heap-memory size="10000" />
</local-cache>
<local-cache name="users">
<heap-memory size="10000" />
</local-cache>
<distributed-cache name="authenticationSessions" owners="1" />
<distributed-cache name="sessions" owners="1">
<remote-store cache="sessions" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<distributed-cache name="offlineSessions" owners="1">
<remote-store cache="offlineSessions" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<distributed-cache name="clientSessions" owners="1">
<remote-store cache="clientSessions" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<distributed-cache name="offlineClientSessions" owners="1">
<remote-store cache="offlineClientSessions" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<distributed-cache name="loginFailures" owners="1">
<remote-store cache="loginFailures" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<distributed-cache name="actionTokens" owners="2">
<heap-memory size="-1"/>
<expiration max-idle="-1" interval="300000"/>
<remote-store cache="actionTokens" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="true" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</distributed-cache>
<replicated-cache name="work">
<remote-store cache="work" remote-servers="remote-cache" passivation="false" fetch-state="false" purge="false" preload="false" shared="true">
<property name="rawValues">true</property>
<property name="marshaller">org.keycloak.cluster.infinispan.KeycloakHotRodMarshallerFactory</property>
<property name="protocolVersion">2.9</property>
</remote-store>
</replicated-cache>
<local-cache name="authorization">
<heap-memory size="10000" />
</local-cache>
<local-cache name="keys">
<heap-memory size="1000" />
<expiration max-idle="3600000" />
</local-cache>
</cache-container>
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">
<transport lock-timeout="60000" />
<replicated-cache name="default">
<transaction mode="BATCH" />
</replicated-cache>
</cache-container>
<cache-container name="web" default-cache="dist" module="org.wildfly.clustering.web.infinispan">
<transport lock-timeout="60000" />
<replicated-cache name="sso">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
</replicated-cache>
<distributed-cache name="dist">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
<file-store />
</distributed-cache>
<distributed-cache name="routing" />
</cache-container>
<cache-container name="ejb" aliases="sfsb" default-cache="dist" module="org.wildfly.clustering.ejb.infinispan">
<transport lock-timeout="60000" />
<distributed-cache name="dist">
<locking isolation="REPEATABLE_READ" />
<transaction mode="BATCH" />
<file-store />
</distributed-cache>
</cache-container>
<cache-container name="hibernate" module="org.infinispan.hibernate-cache">
<transport lock-timeout="60000" />
<local-cache name="local-query">
<heap-memory size="10000" />
<expiration max-idle="100000" />
</local-cache>
<invalidation-cache name="entity">
<transaction mode="NON_XA" />
<heap-memory size="10000" />
<expiration max-idle="100000" />
</invalidation-cache>
<replicated-cache name="timestamps" />
</cache-container>
</subsystem>
<subsystem xmlns="urn:jboss:domain:jaxrs:2.0" />
<subsystem xmlns="urn:jboss:domain:jca:5.0">
<archive-validation enabled="true" fail-on-error="true" fail-on-warn="false" />
<bean-validation enabled="true" />
<default-workmanager>
<short-running-threads>
<core-threads count="50" />
<queue-length count="50" />
<max-threads count="50" />
<keepalive-time time="10" unit="seconds" />
</short-running-threads>
<long-running-threads>
<core-threads count="50" />
<queue-length count="50" />
<max-threads count="50" />
<keepalive-time time="10" unit="seconds" />
</long-running-threads>
</default-workmanager>
<cached-connection-manager />
</subsystem>
<subsystem xmlns="urn:jboss:domain:jgroups:8.0">
<channels default="ee">
<channel name="ee" stack="udp" cluster="ejb" />
</channels>
<stacks>
<stack name="udp">
<transport type="UDP" socket-binding="jgroups-udp" site="site1" />
<protocol type="PING" />
<protocol type="MERGE3" />
<socket-protocol type="FD_SOCK" socket-binding="jgroups-udp-fd" />
<protocol type="FD_ALL" />
<protocol type="VERIFY_SUSPECT" />
<protocol type="pbcast.NAKACK2" />
<protocol type="UNICAST3" />
<protocol type="pbcast.STABLE" />
<protocol type="pbcast.GMS" />
<protocol type="UFC" />
<protocol type="MFC" />
<protocol type="FRAG3" />
</stack>
<stack name="tcp">
<transport type="TCP" socket-binding="jgroups-tcp" />
<socket-protocol type="MPING" socket-binding="jgroups-mping" />
<protocol type="MERGE3" />
<socket-protocol type="FD_SOCK" socket-binding="jgroups-tcp-fd" />
<protocol type="FD_ALL" />
<protocol type="VERIFY_SUSPECT" />
<protocol type="pbcast.NAKACK2" />
<protocol type="UNICAST3" />
<protocol type="pbcast.STABLE" />
<protocol type="pbcast.GMS" />
<protocol type="MFC" />
<protocol type="FRAG3" />
</stack>
</stacks>
</subsystem>
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
<expose-resolved-model />
<expose-expression-model />
<remoting-connector />
</subsystem>
<subsystem xmlns="urn:jboss:domain:jpa:1.1">
<jpa default-datasource="" default-extended-persistence-inheritance="DEEP" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:mail:4.0">
<mail-session name="default" jndi-name="java:jboss/mail/Default">
<smtp-server outbound-socket-binding-ref="mail-smtp" />
</mail-session>
</subsystem>
<subsystem xmlns="urn:jboss:domain:modcluster:5.0">
<proxy name="default" advertise-socket="modcluster" listener="ajp">
<dynamic-load-provider>
<load-metric type="cpu" />
</dynamic-load-provider>
</proxy>
</subsystem>
<subsystem xmlns="urn:jboss:domain:naming:2.0">
<remote-naming />
</subsystem>
<subsystem xmlns="urn:jboss:domain:remoting:4.0">
<http-connector name="http-remoting-connector" connector-ref="default" security-realm="ApplicationRealm" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:request-controller:1.0" />
<subsystem xmlns="urn:jboss:domain:security-manager:1.0">
<deployment-permissions>
<maximum-set>
<permission class="java.security.AllPermission" />
</maximum-set>
</deployment-permissions>
</subsystem>
<subsystem xmlns="urn:wildfly:elytron:11.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
<providers>
<aggregate-providers name="combined-providers">
<providers name="elytron" />
<providers name="openssl" />
</aggregate-providers>
<provider-loader name="elytron" module="org.wildfly.security.elytron" />
<provider-loader name="openssl" module="org.wildfly.openssl" />
</providers>
<audit-logging>
<file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON" />
</audit-logging>
<security-domains>
<security-domain name="ApplicationDomain" default-realm="ApplicationRealm" permission-mapper="default-permission-mapper">
<realm name="ApplicationRealm" role-decoder="groups-to-roles" />
<realm name="local" />
</security-domain>
<security-domain name="ManagementDomain" default-realm="ManagementRealm" permission-mapper="default-permission-mapper">
<realm name="ManagementRealm" role-decoder="groups-to-roles" />
<realm name="local" role-mapper="super-user-mapper" />
</security-domain>
</security-domains>
<security-realms>
<identity-realm name="local" identity="$local" />
<properties-realm name="ApplicationRealm">
<users-properties path="application-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ApplicationRealm" />
<groups-properties path="application-roles.properties" relative-to="jboss.server.config.dir" />
</properties-realm>
<properties-realm name="ManagementRealm">
<users-properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" digest-realm-name="ManagementRealm" />
<groups-properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir" />
</properties-realm>
</security-realms>
<mappers>
<simple-permission-mapper name="default-permission-mapper" mapping-mode="first">
<permission-mapping>
<principal name="anonymous" />
<permission-set name="default-permissions" />
</permission-mapping>
<permission-mapping match-all="true">
<permission-set name="login-permission" />
<permission-set name="default-permissions" />
</permission-mapping>
</simple-permission-mapper>
<constant-realm-mapper name="local" realm-name="local" />
<simple-role-decoder name="groups-to-roles" attribute="groups" />
<constant-role-mapper name="super-user-mapper">
<role name="SuperUser" />
</constant-role-mapper>
</mappers>
<permission-sets>
<permission-set name="login-permission">
<permission class-name="org.wildfly.security.auth.permission.LoginPermission" />
</permission-set>
<permission-set name="default-permissions">
<permission class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission" module="org.wildfly.extension.batch.jberet" target-name="*" />
<permission class-name="org.wildfly.transaction.client.RemoteTransactionPermission" module="org.wildfly.transaction.client" />
<permission class-name="org.jboss.ejb.client.RemoteEJBPermission" module="org.jboss.ejb-client" />
</permission-set>
</permission-sets>
<http>
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
<mechanism-configuration>
<mechanism mechanism-name="DIGEST">
<mechanism-realm realm-name="ManagementRealm" />
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<provider-http-server-mechanism-factory name="global" />
</http>
<sasl>
<sasl-authentication-factory name="application-sasl-authentication" sasl-server-factory="configured" security-domain="ApplicationDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local" />
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ApplicationRealm" />
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<sasl-authentication-factory name="management-sasl-authentication" sasl-server-factory="configured" security-domain="ManagementDomain">
<mechanism-configuration>
<mechanism mechanism-name="JBOSS-LOCAL-USER" realm-mapper="local" />
<mechanism mechanism-name="DIGEST-MD5">
<mechanism-realm realm-name="ManagementRealm" />
</mechanism>
</mechanism-configuration>
</sasl-authentication-factory>
<configurable-sasl-server-factory name="configured" sasl-server-factory="elytron">
<properties>
<property name="wildfly.sasl.local-user.default-user" value="$local" />
</properties>
</configurable-sasl-server-factory>
<mechanism-provider-filtering-sasl-server-factory name="elytron" sasl-server-factory="global">
<filters>
<filter provider-name="WildFlyElytron" />
</filters>
</mechanism-provider-filtering-sasl-server-factory>
<provider-sasl-server-factory name="global" />
</sasl>
</subsystem>
<subsystem xmlns="urn:jboss:domain:security:2.0">
<security-domains>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass" />
</login-module>
<login-module code="RealmDirect" flag="required">
<module-option name="password-stacking" value="useFirstPass" />
</login-module>
</authentication>
</security-domain>
<security-domain name="jboss-web-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required" />
</authorization>
</security-domain>
<security-domain name="jaspitest" cache-type="default">
<authentication-jaspi>
<login-module-stack name="dummy">
<login-module code="Dummy" flag="optional" />
</login-module-stack>
<auth-module code="Dummy" />
</authentication-jaspi>
</security-domain>
<security-domain name="jboss-ejb-policy" cache-type="default">
<authorization>
<policy-module code="Delegating" flag="required" />
</authorization>
</security-domain>
</security-domains>
</subsystem>
<subsystem xmlns="urn:jboss:domain:transactions:5.0">
<core-environment node-identifier="${jboss.tx.node.id:1}">
<process-id>
<uuid />
</process-id>
</core-environment>
<recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager" />
<coordinator-environment statistics-enabled="${wildfly.transactions.statistics-enabled:${wildfly.statistics-enabled:false}}" />
<object-store path="tx-object-store" relative-to="jboss.server.data.dir" />
</subsystem>
<subsystem xmlns="urn:jboss:domain:weld:4.0" />
<subsystem xmlns="urn:wildfly:microprofile-config-smallrye:1.0" />
<subsystem xmlns="urn:wildfly:microprofile-health-smallrye:2.0" security-enabled="false" empty-liveness-checks-status="${env.MP_HEALTH_EMPTY_LIVENESS_CHECKS_STATUS:UP}" empty-readiness-checks-status="${env.MP_HEALTH_EMPTY_READINESS_CHECKS_STATUS:UP}" />
<subsystem xmlns="urn:wildfly:microprofile-metrics-smallrye:2.0" security-enabled="false" exposed-subsystems="*" prefix="${wildfly.metrics.prefix:wildfly}" />
<subsystem xmlns="urn:jboss:domain:undertow:11.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
<buffer-cache name="default" />
<server name="default-server">
<ajp-listener name="ajp" socket-binding="ajp" />
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" />
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" />
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content" />
<http-invoker security-realm="ApplicationRealm" />
</host>
</server>
<servlet-container name="default">
<jsp-config />
<websockets />
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content" />
</handlers>
</subsystem>
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
<web-context>auth</web-context>
<providers>
<provider>classpath:${jboss.home.dir}/providers/*</provider>
</providers>
<master-realm-name>master</master-realm-name>
<scheduled-task-interval>900</scheduled-task-interval>
<theme>
<staticMaxAge>2592000</staticMaxAge>
<cacheThemes>true</cacheThemes>
<cacheTemplates>true</cacheTemplates>
<dir>${jboss.home.dir}/themes</dir>
</theme>
<spi name="eventsStore">
<provider name="jpa" enabled="true">
<properties>
<property name="exclude-events" value="["REFRESH_TOKEN"]" />
</properties>
</provider>
</spi>
<spi name="userCache">
<provider name="default" enabled="true" />
</spi>
<spi name="userSessionPersister">
<default-provider>jpa</default-provider>
</spi>
<spi name="timer">
<default-provider>basic</default-provider>
</spi>
<spi name="connectionsHttpClient">
<provider name="default" enabled="true" />
</spi>
<spi name="connectionsJpa">
<provider name="default" enabled="true">
<properties>
<property name="dataSource" value="java:jboss/datasources/KeycloakDS" />
<property name="initializeEmpty" value="true" />
<property name="migrationStrategy" value="update" />
<property name="migrationExport" value="${jboss.home.dir}/keycloak-database-update.sql" />
</properties>
</provider>
</spi>
<spi name="realmCache">
<provider name="default" enabled="true" />
</spi>
<spi name="connectionsInfinispan">
<default-provider>default</default-provider>
<provider name="default" enabled="true">
<properties>
<property name="cacheContainer" value="java:jboss/infinispan/container/keycloak" />
</properties>
</provider>
</spi>
<spi name="jta-lookup">
<default-provider>${keycloak.jta.lookup.provider:jboss}</default-provider>
<provider name="jboss" enabled="true" />
</spi>
<spi name="publicKeyStorage">
<provider name="infinispan" enabled="true">
<properties>
<property name="minTimeBetweenRequests" value="10" />
</properties>
</provider>
</spi>
<spi name="x509cert-lookup">
<default-provider>${keycloak.x509cert.lookup.provider:default}</default-provider>
<provider name="default" enabled="true" />
</spi>
<spi name="hostname">
<default-provider>default</default-provider>
<provider name="default" enabled="true">
<properties>
<property name="frontendUrl" value="${keycloak.frontendUrl:}" />
<property name="forceBackendUrlToFrontendUrl" value="false" />
</properties>
</provider>
</spi>
</subsystem>
</profile>
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address.management:0.0.0.0}" />
</interface>
<interface name="private">
<inet-address value="${jboss.bind.address.private:127.0.0.1}" />
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address:0.0.0.0}" />
</interface>
</interfaces>
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="ajp" port="${jboss.ajp.port:8009}" />
<socket-binding name="http" port="${jboss.http.port:8080}" />
<socket-binding name="https" port="${jboss.https.port:8443}" />
<socket-binding name="jgroups-mping" interface="private" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700" />
<socket-binding name="jgroups-tcp" interface="private" port="7600" />
<socket-binding name="jgroups-tcp-fd" interface="private" port="57600" />
<socket-binding name="jgroups-udp" interface="private" port="55200" multicast-address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688" />
<socket-binding name="jgroups-udp-fd" interface="private" port="54200" />
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:9990}" />
<socket-binding name="management-https" interface="management" port="${jboss.management.https.port:9993}" />
<socket-binding name="modcluster" multicast-address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364" />
<socket-binding name="txn-recovery-environment" port="4712" />
<socket-binding name="txn-status-manager" port="4713" />
<outbound-socket-binding name="mail-smtp">
<remote-destination host="${jboss.mail.server.host:localhost}" port="${jboss.mail.server.port:25}" />
</outbound-socket-binding>
<outbound-socket-binding name="remote-cache">
<remote-destination host="" />
</outbound-socket-binding>
</socket-binding-group>
</server>
Stan Silvert
May 19, 2021, 1:24:32 PM5/19/21
to Shourya Rastogi, Keycloak User
You need to consult the WildFly documentation. DB connections and threads are outside the purview of Keycloak.
--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/4d2dd669-cc6c-4599-b94a-dd039cb21dedn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages