Slow User query in UI with wildcard search request #39646
Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
admin/ui
Describe the bug
When querying users with ("*") in the search field which results in more than one page, the last page keeps loading until one minute is reached. The long loading endpoint is seen via tracing /admin/realms/{realm}/{extension}/brute-force-user .
After that time an 401 is displayed
If i search for a group of users ("*group_of_users"), which also results in more than page the same long running 401 error doesn't happen.
Version
26.2.4
Regression
- The issue is a regression
Expected behavior
Normal response from the search as if i would search for a group of users.
Actual behavior
Slow response and timeouts with 401 error.
How to Reproduce?
Create an ldap federation which syncs more than 10 Users. Sync them into keycloak. Search for "*" in the users menu.
Anything else?
---
apiVersion: k8s.keycloak.org/v2alpha1
kind: Keycloak
metadata:
name: keycloak-sso-prod
spec:
tracing:
enabled: true
endpoint: http://jaeger-collector.jaeger.svc:4317
samplerType: always_on
instances: 3
db:
vendor: postgres
database: keycloak_990p
host: postgres17-keycloak990p-rw
usernameSecret:
name: keycloak-990p-db
key: username
passwordSecret:
name: keycloak-990p-db
key: password
poolInitialSize: 100
poolMinSize: 100
poolMaxSize: 100
proxy:
headers: xforwarded
http:
httpEnabled: true
httpsPort: 8443
tlsSecret: keycloak-sso
hostname:
hostname: https://iam.example.tld
features:
enabled:
- docker
- authorization
- recovery-codes
- admin-fine-grained-authz
- token-exchange
- organization
resources:
requests:
cpu: 1200m
memory: 6Gi
limits:
memory: 12Gi
scheduling:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- keycloak
topologyKey: kubernetes.io/hostname
truststores:
my-truststore:
secret:
name: kdvz-ca-keycloak-certs
ingress:
enabled: false
additionalOptions:
- name: proxy
value: reencrypt
# - name: cache-stack
# value: jdbc-ping
- name: http-max-queued-requests
value: "10000"
- name: http-pool-max-threads
value: "56"
- name: log
value: console
- name: log-level
value: error
- name: log-console-output
value: json
- name: cache-embedded-authorization-max-count
value: "10000000"
- name: cache-embedded-client-sessions-max-count
value: "10000000"
- name: cache-embedded-users-max-count
value: "10000000"
- name: cache-embedded-sessions-max-count
value: "10000000"
- name: cache-embedded-offline-client-sessions-max-count
value: "10000000"
- name: cache-embedded-offline-sessions-max-count
value: "10000000"
- name: cache-embedded-realms-max-count
value: "10000"
- name: cache-embedded-crl-max-count
value: "10000"
- name: cache-embedded-keys-max-count
value: "10000"
.....