I didn't read whole thread on this:  Having a JPA event store would be bad performance?  Isn't there more than one even per login?  That means multiple DB inserts per login just to gather stats.  Stats that would be looked at rarely (once a day?  once a week?  once a month?)  Just something to think about.

On 5/29/16 4:52 PM, Thomas Darimont wrote:
Hello group,

a few months ago I raised the feature request "Activity dashboard" in the Keycloak JIRA.

This weekend I gave this a spin and I think I got pretty far with it,
see attached annotated screenshot.

The idea was to leverage the information from the stored event data
to compute some Keycloak usage statistics over time.
My current prototype supports JPA (user / event) storage provider
and works with postgresql but could be adapted to other databases including MongoDB.

Since I need to compute the usage statistics based on the event data,
events need to be stored and some views (3) need to be defined to
make the data accessible from JPA in a generic fashion.

Since the queries are quite complex I wanted to keep them out
of the code and therefore used named native queries via orm.xml.
The actual queries use some database specific date/time functions
that I wanted to keep out of the code - thus I created views 
that could be adapted for each database and provisioned via liquibase.

The view definitions can be found here:

For MongoDB one could define appropriate aggregation framework pipelines
to express the same query logic.

I basically exposed the data from those views per realm via a newly 
introduced AnalyticsProvider interface that is accessible via KeycloakSession.

Data from this AnalyticsProvider is then exposed as a REST resource called "DashboardResource".
Data from this REST endpoint is then consumed by the admin frontend in a new section
called "dashboard".

In the frontend I used basic patternfly components, e.g.: cards & tables:

For the heatmap I used http://cal-heatmap.com/#start which is based on d3js.
There is also an angularjs directive that could be used as well.

The current hacky code can be found here.:

The relevant commit is:

The code still needs a decent amount of polishing but I wanted to share this with
you guys first to see if this could make it into Keycloak at some point.


keycloak-dev mailing list