[keycloak-dev] Operational monitoring of Keycloak server

[Vlastimil Elias]

Hi,

as we deployed KC to production mode for https://developers.redhat.com 
we started to think about operational monitoring, for example from 
Nagios or other systems of this type.

KC user guide doesn't contain any chapter covering this topic, also no 
any success over google search, so looks like KC doesn't have any 
solution for this yet.
But I believe this is an important area which must be solved when KC is 
used for production.

I can imagine monitoring of JDBC connection if JPA is used, monitoring 
of Mongo connection if used as store, monitoring of LDAP connection if 
LDAP federation is used etc.
Also some statistics like numbers of active sso session, number of 
logins per minute etc should be provided there.

Monitoring is not about Keycloak core itself, it should be available for 
extension developers also. For example we implemented own 
UserFederationProvider which calls backend REST services.
We should be able to add info about this integration into monitoring 
endpoint to be able to catch problems with this REST API.

It should be probably implemented same way as used by underlying 
WildFly/EAP (JPA/JDBC is probably available for monitoring there). I'm 
not sure if JMX is used there still or if some new framework is 
available for it.
Or KC should use some form of KC REST API for this, which should be 
extended by additional info from KC extensions?

What do you think?

Vlastimil

P.S we have https://issues.jboss.org/browse/RHD-552 for Red Hat 
Developer instance of KC

-- 
Vlastimil Elias
Principal Software Engineer
jboss.org Development Team