I also think that the most obvious metrics are:

* Currently logged in Users
* Failed login attempts (which could help the customer to configure the brute force detection)

Keycloak distinguishes between Users and Clients. Events like Login and Logout are available for both. As far as I understand, Clients are applications that delegate to Keycloak to process authentication requests. I’m not quite sure what a Client Login then refers to, in contrast to a User login. Matthias, do you know more about this?

As for registrations: is this only counted when a new User in Keycloak is created, or also when external services (like Google OAuth, etc.) are used? Jose, maybe you can try this and check which events are created?

On 18.01.2018 at 17:27, Matthias Wessendorf <mwessend@redhat.com> wrote:

There is something regarding brute force detection (e.g. max login failures):
https://github.com/keycloak/keycloak-documentation/blob/master/server_admin/topics/threat/brute-force.adoc#password-guess-brute-force-attacks

IMO that's also a good piece of info.

On Thu, Jan 18, 2018 at 5:23 PM, Jose Miguel Gallas Olmedo <jgallaso@redhat.com> wrote:
Hi,

So there is a fair amount of possible metrics to get from Keycloak. The most interesting I think are:
- Registrations
- Total Registrations
- Logins
- Logins by provider
- Total logged in

Then there are metrics for reset passwords, confirmation emails, token handling... But I don't think there is much value in those.

What do you think?

JOSE MIGUEL GALLAS OLMEDO

ASSOCIATE QE, mobile

--
Project lead AeroGear.org