Before reporting an issue

• I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

core

Describe the bug

We are seeing increased timeouts since upgrading from 25.0.6 to 26.4.0 when calling delete on clients that have ~30 client roles attached. This is happening only in an environment with a large number of clients and users, so it seems the latency increase scales with database size: pushing latencies over the timeout window for large environments. We are seeing large numbers of DB queries issued from this operation, with pretty substantial time gaps between some of them (probably ispn syncing across our distributed nodes, though we haven't gotten trace data for that).

We tracked down the source of the issue to the removeRole method, which changed in the upgrade.

Version

26.4.0

Regression

• The issue is a regression

Expected behavior

Client deletion does not timeout in large environments

Actual behavior

Client deletion times out in large environments

How to Reproduce?

Given a telemetry agent (like datadog) is connected:

1. Run keycloak version 25
2. Delete a client
3. Run keycloak version 26
4. Delete an identical client
5. Observe a larger number of DB queries in version 26

Anything else?

No response