libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Add warning about too long attribute values as it can exhaust caches (#27126)

Browse source 
Closes #27125

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
This commit is contained in:
Alexander Schwartz 2024-02-21 13:47:58 +01:00 committed by GitHub
parent 33425dacd9
commit 3b6886d970
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
docs/documentation/server_admin/topics/users/user-profile.adoc
View file

@ -117,6 +117,11 @@ As you will see in the following sections, you can also restrict the audience fo
For unmanaged attributes, the maximum length is 2048 characters. For unmanaged attributes, the maximum length is 2048 characters.
To specify a different minimum or maximum length, change the unmanaged attribute to a managed attribute and add a `length` validator. To specify a different minimum or maximum length, change the unmanaged attribute to a managed attribute and add a `length` validator.
WARNING: {project_name} caches user-related objects in its internal caches.
The longer the attributes are, the more memory the cache consumes.
Therefore, limiting the size of the length attributes is recommended.
Consider storing large objects outside Keycloak and reference them by ID or URL.
== Managing the User Profile == Managing the User Profile
The user profile configuration is managed on a per-realm basis. For that, click on the The user profile configuration is managed on a per-realm basis. For that, click on the

5
docs/documentation/upgrading/topics/keycloak/changes-24_0_0.adoc
View file

@ -268,6 +268,11 @@ Ensure that no unmanaged attributes are allowed and all editable attributes have
For unmanaged attributes, the maximum length is 2048 characters. For unmanaged attributes, the maximum length is 2048 characters.
For managed attributes, the default maximum length is 2048 characters. Administrator can change this by adding a validator of type `length`. For managed attributes, the default maximum length is 2048 characters. Administrator can change this by adding a validator of type `length`.
WARNING: {project_name} caches user-related objects in its internal caches.
The longer the attributes are, the more memory the cache consumes.
Therefore, limiting the size of the length attributes is recommended.
Consider storing large objects outside Keycloak and reference them by ID or URL.
This change adds new indexes on the tables `USER_ATTRIBUTE` and `FED_USER_ATTRIBUTE`. This change adds new indexes on the tables `USER_ATTRIBUTE` and `FED_USER_ATTRIBUTE`.
If those tables contain more than 300000 entries, Keycloak will skip the index creation by default during the automatic schema migration and instead log the SQL statement on the console during migration to be applied manually after {project_name}'s startup. If those tables contain more than 300000 entries, Keycloak will skip the index creation by default during the automatic schema migration and instead log the SQL statement on the console during migration to be applied manually after {project_name}'s startup.
See the link:{upgradingguide_link}[{upgradingguide_name}] for details on how to configure a different limit. See the link:{upgradingguide_link}[{upgradingguide_name}] for details on how to configure a different limit.