Hi,
We have implemented the Azure OIDC auth mechanism for our internal AEM site.
Normal functionalities are working fine, including:
However, we encounter the following errors when the load is high.
09.09.2025 08:05:40.550 *ERROR* [qtp1259476332-8844] OIDCAuthenticationHandler Exception occured in extract credentials of Circuit OIDC Authentication Handler :: javax.jcr.nodetype.ConstraintViolationException: OakConstraint0030: Uniqueness constraint violated property [jcr:uuid] having value c04a62db-b08a-3fcd-9da4-82fa487cbd7e: /home/users/7/7rlCyphwMn-XTm_MPlHp, /home/users/-/-Plc_ry19_nkYAn02zmw
Do you have any suggestions for resolving these issues? The user creation and all other actions are single-threaded for individual users.
Also, kindly suggest possible improvements as well.
Hi @akhilraj,
There are 2 things from your error log:
1. Two different user home nodes ended up with the same jcr:uuid. That only happens when concurrent/duplicated creation or a copy/import preserved a UUID it shouldn’t.
2. Two (or more) requests tried to write the same user node/property at the same time; Oak detected a write conflict.
Try to implement sticky sessions for the login flow: ensure the LB/Dispatcher routes all requests in a given login to the same AEM node (callback, profile write, group add, token save). This alone eliminates the bulk of cross-node races.
About jcr:uuid: If you copy any templates/nodes for users, make sure the API generates a new UUID (no “keep UUID” imports/copy).
At the end, find and clean up duplicate UUIDs under /home/users.
Hi @akhilraj ,
Your errors come from race conditions under load - multiple threads/processes trying to create or update the same user nodes at once.
Use UserManager + synchronized logic (or Oak IDP caching) to ensure only one thread handles user creation/update.
Add retry logic for ConstraintViolationException/InvalidItemStateException.
Offload heavy property/group updates to an async job instead of inline in the login flow.
Keep oidcTokens in a separate service/user-specific node or external cache to avoid JCR conflicts.
Enable Jackrabbit User Synchronization (SyncHandler) configs (factory PID org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler) with proper uniqueness rules.
Serialize user creation, add retry handling, move token writes out of login, and tune sync handler configs. This removes constraint violations and boosts performance.
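The serialization and retry advice in the replies above, sketched as an added example that is not part of the thread and not Adobe's or the poster's code: one writer per user ID inside a JVM, with a bounded retry on the two exceptions named. The class name, method name, stripe count and retry values are hypothetical, and the session is assumed to be a writable service session with user-management rights; the lock only covers a single AEM instance, so cross-node routing still matters.

```java
import java.util.Locale;
import javax.jcr.InvalidItemStateException;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;

// Hypothetical helper (not from the thread): serializes creation per user ID
// within this JVM and retries when another writer won the race.
public final class SerializedUserProvisioner {
    private static final int MAX_ATTEMPTS = 3;       // assumed value
    private static final long BACKOFF_MS = 100L;     // assumed value
    private final Object[] stripes = new Object[64]; // fixed lock pool, bounded memory

    public SerializedUserProvisioner() {
        for (int i = 0; i < stripes.length; i++) stripes[i] = new Object();
    }

    public User getOrCreateUser(JackrabbitSession session, String userId) throws RepositoryException {
        // Design choice of this example: differently-cased IDs share one lock.
        String key = userId.toLowerCase(Locale.ROOT);
        synchronized (stripes[Math.floorMod(key.hashCode(), stripes.length)]) {
            RepositoryException last = null;
            for (int attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
                try {
                    session.refresh(false); // drop transient state, read the latest revision
                    Authorizable existing = session.getUserManager().getAuthorizable(userId);
                    if (existing != null && !existing.isGroup()) {
                        return (User) existing; // another request already created the user
                    }
                    User created = session.getUserManager().createUser(userId, null);
                    session.save(); // uniqueness and conflict checks run at commit
                    return created;
                } catch (ConstraintViolationException | InvalidItemStateException e) {
                    last = e;
                    session.refresh(false); // discard the failed transient changes
                    pause(attempt * BACKOFF_MS);
                }
            }
            throw last; // every attempt failed: surface the last conflict to the caller
        }
    }

    private static void pause(long ms) throws RepositoryException {
        try {
            Thread.sleep(ms);
        } catch (InterruptedException ie) {
            Thread.currentThread().interrupt();
            throw new RepositoryException("Interrupted while retrying user creation", ie);
        }
    }
}
```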