I didn't read whole thread on this: Having a JPA event store
would be bad performance? Isn't there more than one even per
login? That means multiple DB inserts per login just to gather
stats. Stats that would be looked at rarely (once a day? once a
week? once a month?) Just something to think about.
a few months ago I raised the feature request "Activity dashboard" in the Keycloak JIRA.
This weekend I gave this a spin and I think I got pretty far with it,see attached annotated screenshot.
The idea was to leverage the information from the stored event datato compute some Keycloak usage statistics over time.My current prototype supports JPA (user / event) storage providerand works with postgresql but could be adapted to other databases including MongoDB.
Since I need to compute the usage statistics based on the event data,events need to be stored and some views (3) need to be defined tomake the data accessible from JPA in a generic fashion.
Since the queries are quite complex I wanted to keep them outof the code and therefore used named native queries via orm.xml.The actual queries use some database specific date/time functionsthat I wanted to keep out of the code - thus I created viewsthat could be adapted for each database and provisioned via liquibase.
The view definitions can be found here:
For MongoDB one could define appropriate aggregation framework pipelinesto express the same query logic.
I basically exposed the data from those views per realm via a newlyintroduced AnalyticsProvider interface that is accessible via KeycloakSession.
Data from this AnalyticsProvider is then exposed as a REST resource called "DashboardResource".Data from this REST endpoint is then consumed by the admin frontend in a new sectioncalled "dashboard".
In the frontend I used basic patternfly components, e.g.: cards & tables:
For the heatmap I used http://cal-heatmap.com/#start which is based on d3js.There is also an angularjs directive that could be used as well.
The current hacky code can be found here.:
The relevant commit is:
The code still needs a decent amount of polishing but I wanted to share this withyou guys first to see if this could make it into Keycloak at some point.
_______________________________________________ keycloak-dev mailing list firstname.lastname@example.org https://lists.jboss.org/mailman/listinfo/keycloak-dev