libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Merge pull request #17 from mposolda/master

Browse source 
KEYCLOAK-3857 Document cache changes
This commit is contained in:
Marek Posolda 2016-11-16 23:10:58 +01:00 committed by GitHub
commit 1360bcc1be
2 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
topics/cache.adoc
View file

@ -3,10 +3,11 @@
{{book.project.name}} has two types of caches. One type of cache sits in front of the database to decrease load on the DB
and to increase overall response times by keeping data in memory. Realm, client, role, and user metadata is kept in this type of cache.
This cache is an invalidation cache. Invalidation caches do not use replication.
This cache is a local cache. Local caches do not use replication even if you are in the cluster with more {{book.project.name}} servers.
Instead, they only keep copies locally and if the entry is updated an invalidation message is sent to the rest of the cluster
and the entry is evicted. This greatly reduces network traffic, makes things efficient, and avoids transmitting sensitive
metadata over the ire.
and the entry is evicted. There is separate replicated cache `work`, which task is to send the invalidation messages to the whole cluster about what entries
should be evicted from local caches. This greatly reduces network traffic, makes things efficient, and avoids transmitting sensitive
metadata over the wire.
The second type of cache handles managing user sessions, offline tokens, and keeping track of login failures so that the
server can detect password phishing and other attacks. The data held in these caches is temporary, in memory only,

6
topics/cache/eviction.adoc vendored
View file

@ -36,10 +36,10 @@ _domain.xml_ depending on your <<fake/../../operating-mode.adoc#_operating-mode,
<subsystem xmlns="urn:jboss:domain:infinispan:4.0">
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
<transport lock-timeout="60000"/>
<invalidation-cache name="realms" mode="SYNC"/>
<invalidation-cache name="users" mode="SYNC">
<local-cache name="realms" />
<local-cache name="users">
<eviction max-entries="10000" strategy="LRU"/>
</invalidation-cache>
</local-cache>
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>