Keycloak and duplicate users

cancel
Showing results for 
Search instead for 
Did you mean: 
akring
Active Member II

Re: Keycloak and duplicate users

Jump to solution

Just to follow up on the discussion above. It turns out that your ( @afaust  ) assumption is correct, i.e. that the problem is actually due to concurrent calls from the frontend. I found out that even though the Tomcat localhost access log states that the call to the ticket endpoint and the call to the discovery endpoint are 3 seconds apart

172.21.0.7 - - [21/Apr/2021:12:56:08 +0000] "GET /alfresco/api/-default-/public/authentication/versions/1/tickets/-me- HTTP/1.0" 200 66
172.21.0.7 - - [21/Apr/2021:12:56:11 +0000] "GET /alfresco/api/discovery HTTP/1.0" 200 2212

the browser actually sends the requests amost simultaneously (confirmed by inspection the network tab in the browser inspector), i.e. 0.02 seconds apart (I double-checked - it is actually 0.02 seconds this time :-) ).

To verify that the concurrent calls to the two endpoints causes the issue described in the first post in this thread, I made a small Python script to simulate the browsers behavior (included below if anyone should be interested). Running this script results in the exact same problem as described above.

So one could argue that this a a core Alfresco issue, i.e. that the Alfresco backend should be able to handle concurrent requests without creating two users with the same username and without throwing errors in the log. Alternatively, one could also argue that the problem is with the ADF library, that makes the two simultaneous calls to the backend.

Thanks for your input @afaust . I will mark your first reply above as the solution.

Python script for anyone interested:

from datetime import datetime
from concurrent import futures
import json
import requests

REALM = 'alfresco'
TOKEN_URL = f'https://some.domain/auth/realms/{REALM}' \
            f'/protocol/openid-connect/token'
ALF_BASEURL = 'https://some.domain/alfresco/api'

# Get token payload = { 'client_id': 'alfresco', 'username': 'bruce', 'password': 'bruce', 'grant_type': 'password' } r = requests.post(TOKEN_URL, data=payload, verify=False) print(r.status_code, r.url) token = r.json()['access_token'] headers = { 'Authorization': f'bearer {token}' } def call_alf(url): print(datetime.now(), 'Calling ' + url) r = requests.get(url, headers=headers, verify=False) print(datetime.now(), 'Response from ' + url) return r.status_code, r.url
# Make concurrent requests
with futures.ThreadPoolExecutor(2) as executor: resp_gen = executor.map(call_alf, [ ALF_BASEURL + '/-default-/public/authentication/versions/1/tickets/-me-', ALF_BASEURL + '/discovery' ]) print(list(resp_gen))

 

akring
Active Member II

Re: Keycloak and duplicate users

Jump to solution

You are also right about Alfresco 7.0.0 - did some more testing, and the same error was found in Alfresco Community 7.0.0