I have developed an implementation of the User Storage SPI that calls an API in a legacy system to migrate users. I need to configure my own value for storageProviderTimeout as there is a remote chance that it will take longer than the default 3 seconds to get a response. I have already configured the socket-timeout-millis to be more than the default 5 seconds before timing out, but this does not help as the storageProviderTimeout has a default of 3 seconds. Upon looking at the Keycloak source code, specifically AbstractStorageManager.java there is a mention of this value being configurable:
/** * Timeouts are used as time boundary for obtaining models from an external storage. Default value is set * to 3000 milliseconds and it's configurable. */ private static final Long STORAGE_PROVIDER_DEFAULT_TIMEOUT = 3000L;The function to read the configured value looks like this:
protected Long getStorageProviderTimeout() { if (storageProviderTimeout == null) { storageProviderTimeout = Config.scope(configScope).getLong("storageProviderTimeout", STORAGE_PROVIDER_DEFAULT_TIMEOUT); } return storageProviderTimeout; }When the UserStorageManager instance is created (which extends AbstractUserManager the constructor instantiates the superclass with this code:
public UserStorageManager(KeycloakSession session) { super(session, UserStorageProviderFactory.class, UserStorageProvider.class, UserStorageProviderModel::new, "user"); }where "user" is what later gets passed to Config.scope() in the getStorageProviderTimeout() function.
What I’ve tried so far is manually adding the tag <user> in standalone-ha.xml at the same level as the <theme> tag, like this:
<user> <storageProviderTimeout>10000</storageProviderTimeout> </user>but upon booting Keycloak, I get this error:
10:55:59,730 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:143) at org.jboss.as.server@15.0.1.Final//org.jboss.as.server.ServerService.boot(ServerService.java:403) at org.jboss.as.controller@15.0.1.Final//org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:416) at java.base/java.lang.Thread.run(Thread.java:834)Caused by: javax.xml.stream.XMLStreamException: Unknown keycloak-server subsystem tag: userI hope someone can shed some light on this for me as it feels like I’m missing something obvious. Thanks in advance!
Advertisement
Answer
As discussed here https://keycloak.discourse.group/t/how-to-configure-storageprovidertimeout/9171, there are currently no possibilties to configure this property.
There is an open issue to address this problem: https://issues.redhat.com/browse/KEYCLOAK-18856
As a temporarily quick and dirty workaround you can set the value at runtime via reflections in e.g. your custom UserStorageProvier implementation:
public class CustomUserStorageProviderFactory implements UserStorageProviderFactory<CustomUserStorageProvider> {@Overridepublic void onCreate(KeycloakSession session, RealmModel realm, ComponentModel model) { UserProvider userProvider = session.userStorageManager(); try { Field field = userProvider.getClass().getSuperclass().getDeclaredField("STORAGE_PROVIDER_DEFAULT_TIMEOUT"); field.setAccessible(true); Field modifiers = field.getClass().getDeclaredField("modifiers"); modifiers.setAccessible(true); modifiers.setInt(field, field.getModifiers() & ~Modifier.FINAL); field.set(userProvider, 5000L); } catch (NoSuchFieldException | IllegalAccessException e) { throw new RuntimeException(e); }}}