KEYCLOAK - Flushing and Clearing Realm and User Caches via Admin REST API

February 23, 2024

Tags: #keycloak #cache #admin

Keycloak makes heavy use of caches, both distributed and local. The local caches hold realm-, client- and user-related data. Usually you don’t need to care about cache invalidation and flushing state; Keycloak manages this under the hood. But sometimes you may need to clear and flush the caches manually, so that your Keycloak node(s) read the data fresh from the database.

In the legacy Admin UI, this was possible with some buttons in the management console. With the migration to the new Admin UI, these buttons were left out or skipped; I don’t know exactly why. I heard some rumors that it’s planned to bring them back somehow, sometime… (not confirmed!)

The good news: the Admin REST API still has these endpoints available to clear the realm, user and keys caches on demand! Just use the following requests to flush the caches manually. (Beforehand, you of course need a proper access_token with the appropriate admin realm management roles (manage-realm)!)

Clear Realm Cache

POST http://localhost:8080/admin/realms/master/clear-realm-cache
Authorization: Bearer <access_token>

Clear User Cache

POST http://localhost:8080/admin/realms/master/clear-user-cache
Authorization: Bearer <access_token>

Clear Keys Cache

POST http://localhost:8080/admin/realms/master/clear-keys-cache
Authorization: Bearer <access_token>

Of course, these endpoints can also be called via the Keycloak Admin CLI tool!

Caution: test before using this in production environments. As this flushes the cache for the whole server, not only for one realm, it could lead to unresponsive systems in large environments!
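
The three requests above as a small Python client, added here as an example and not part of the original post. It assumes a confidential client whose service account holds manage-realm and fetches the token from the same realm with the client-credentials grant; the function names and the KC_* environment variable names are made up for illustration.

```python
import json
import os
import urllib.parse
import urllib.request

# The three cache endpoints listed in the post.
CACHE_ENDPOINTS = ("clear-realm-cache", "clear-user-cache", "clear-keys-cache")


def token_request(base_url, realm, client_id, client_secret):
    """Build a client-credentials token request (assumed setup: a confidential
    client whose service account holds the manage-realm role)."""
    url = "%s/realms/%s/protocol/openid-connect/token" % (
        base_url.rstrip("/"), urllib.parse.quote(realm, safe=""))
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    return urllib.request.Request(
        url, data=urllib.parse.urlencode(form).encode(), method="POST")


def clear_cache_requests(base_url, realm, access_token, caches=CACHE_ENDPOINTS):
    """Build one bodiless POST per cache, refusing unknown endpoint names."""
    requests = []
    for name in caches:
        if name not in CACHE_ENDPOINTS:
            raise ValueError("unknown cache endpoint: %r" % name)
        url = "%s/admin/realms/%s/%s" % (
            base_url.rstrip("/"), urllib.parse.quote(realm, safe=""), name)
        req = urllib.request.Request(url, method="POST")
        req.add_header("Authorization", "Bearer " + access_token)
        requests.append(req)
    return requests


def flush_caches(base_url, realm, client_id, client_secret,
                 caches=CACHE_ENDPOINTS, opener=urllib.request.urlopen):
    """Fetch a token, then call each endpoint; returns {endpoint: HTTP status}.
    urlopen raises HTTPError on 401/403, e.g. when manage-realm is missing."""
    with opener(token_request(base_url, realm, client_id, client_secret),
                timeout=10) as resp:
        token = json.load(resp)["access_token"]  # never log this value
    results = {}
    for name, req in zip(caches, clear_cache_requests(base_url, realm, token, caches)):
        with opener(req, timeout=10) as resp:
            results[name] = resp.status
    return results


if __name__ == "__main__":
    # Hypothetical environment variable names; keep the secret out of argv.
    print(flush_caches(os.environ.get("KC_URL", "http://localhost:8080"), "master",
                       os.environ["KC_CLIENT_ID"], os.environ["KC_CLIENT_SECRET"]))
```

Passing a subset such as caches=("clear-user-cache",) limits the flush to one cache, which keeps the load spike smaller when only user data is stale.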
