Help

Keycloak and duplicate users

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
akring
Active Member II
‎22 Apr 2021 8:41 AM

Re: Keycloak and duplicate users

Jump to solution

Just to follow up on the discussion above. It turns out that your ( @afaust  ) assumption is correct, i.e. that the problem is actually due to concurrent calls from the frontend. I found out that even though the Tomcat localhost access log states that the call to the ticket endpoint and the call to the discovery endpoint are 3 seconds apart

172.21.0.7 - - [21/Apr/2021:12:56:08 +0000] "GET /alfresco/api/-default-/public/authentication/versions/1/tickets/-me- HTTP/1.0" 200 66
172.21.0.7 - - [21/Apr/2021:12:56:11 +0000] "GET /alfresco/api/discovery HTTP/1.0" 200 2212

the browser actually sends the requests amost simultaneously (confirmed by inspection the network tab in the browser inspector), i.e. 0.02 seconds apart (I double-checked - it is actually 0.02 seconds this time :-) ).

To verify that the concurrent calls to the two endpoints causes the issue described in the first post in this thread, I made a small Python script to simulate the browsers behavior (included below if anyone should be interested). Running this script results in the exact same problem as described above.

So one could argue that this a a core Alfresco issue, i.e. that the Alfresco backend should be able to handle concurrent requests without creating two users with the same username and without throwing errors in the log. Alternatively, one could also argue that the problem is with the ADF library, that makes the two simultaneous calls to the backend.

Thanks for your input @afaust . I will mark your first reply above as the solution.

Python script for anyone interested:

from datetime import datetime
from concurrent import futures
import json
import requests

REALM = 'alfresco'
TOKEN_URL = f'https://some.domain/auth/realms/{REALM}' \
            f'/protocol/openid-connect/token'
ALF_BASEURL = 'https://some.domain/alfresco/api'

# Get token

payload = {
    'client_id': 'alfresco',
    'username': 'bruce',
    'password': 'bruce',
    'grant_type': 'password'
}

r = requests.post(TOKEN_URL, data=payload, verify=False)
print(r.status_code, r.url)
token = r.json()['access_token']

headers = {
    'Authorization': f'bearer {token}'
}

def call_alf(url):
    print(datetime.now(), 'Calling ' + url)
    r = requests.get(url, headers=headers, verify=False)
    print(datetime.now(), 'Response from ' + url)
    return r.status_code, r.url

# Make concurrent requests

with futures.ThreadPoolExecutor(2) as executor:
    resp_gen = executor.map(call_alf, [
        ALF_BASEURL + '/-default-/public/authentication/versions/1/tickets/-me-',
        ALF_BASEURL + '/discovery'
    ])
    print(list(resp_gen))

 

akring
Active Member II
‎22 Apr 2021 0:15 PM

Re: Keycloak and duplicate users

Jump to solution

You are also right about Alfresco 7.0.0 - did some more testing, and the same error was found in Alfresco Community 7.0.0

0 Kudos
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.