We need to run a user importer with is trigger nightly via REST endpoint. The REST endpoint in Keycloak then handles all the imports of nearly 15.000 users include there roles/groups/attributes. After around 7000 users we get Java Heap Problem.
We think the problem is the session object which is used throughout the whole task running.
This is the exact error:
ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-18) Uncaught server error: java.lang.OutOfMemoryError: Java heap space
I don’t know that this problem is with using a KeycloakSession. A similar thing is done (using a single session, in a single transaction), in the Keycloak code that imports users from a file. This will also potentially be many thousands of users. Take a look at how they do it, and see if your approach is different.
One difference to my code that I noticed is that I have lots of method calls from the session object. Like the following is called multiple times (instead of saving e.g. realm information in a variable):
Without seeing the code, and reviewing what Keycloak is doing behind those methods, I wouldn’t have any idea. I would recommend either using a debugger and/or looking at what Keycloak is doing.
Update: We could not solve the problem for the long running task directly in keycloak.
So, we decided to pass smaller pieces of users from an external service to keycloak. In the external service we implemented a pagination logic for handling the large amount of users.
Maybe too much is done inside one KeycloakSession. Probably JPA/Hibernate is then caching too many objects.
You could try to split the task into multiple KeycloakSessions (created via KeycloakSessionFactory).