[keycloak-dev] Operational monitoring of Keycloak server
Vlastimil Elias
velias at redhat.com
Mon Jul 13 11:06:34 EDT 2015
Looks like I have to look at WildFly/EAP DMR to see what is possible to
do with it, as I'm not sure if it is about remote monitoring also and
if/how it can be use from monitoring systems like Splunk.
Vl.
On 13.7.2015 15:26, Stian Thorgersen wrote:
> In WildFly/EAP that's DMR right? We're planning to make Keycloak managable through that as well. For example everything that goes into keycloak-server.json will eventually be moved to standalone.xml. Same with admin endpoints, everything you can do there you'll eventually be able to do through DMR and jboss-cli as well.
>
> However, IMO it would make sense to at least expose Keycloak specific information through the admin endpoints and console as well. Such number of sessions, etc..
>
> ----- Original Message -----
>> From: "Vlastimil Elias" <velias at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Monday, 13 July, 2015 3:17:16 PM
>> Subject: [keycloak-dev] Operational monitoring of Keycloak server
>>
>> Hi,
>>
>> as we deployed KC to production mode for https://developers.redhat.com
>> we started to think about operational monitoring, for example from
>> Nagios or other systems of this type.
>>
>> KC user guide doesn't contain any chapter covering this topic, also no
>> any success over google search, so looks like KC doesn't have any
>> solution for this yet.
>> But I believe this is an important area which must be solved when KC is
>> used for production.
>>
>> I can imagine monitoring of JDBC connection if JPA is used, monitoring
>> of Mongo connection if used as store, monitoring of LDAP connection if
>> LDAP federation is used etc.
>> Also some statistics like numbers of active sso session, number of
>> logins per minute etc should be provided there.
>>
>> Monitoring is not about Keycloak core itself, it should be available for
>> extension developers also. For example we implemented own
>> UserFederationProvider which calls backend REST services.
>> We should be able to add info about this integration into monitoring
>> endpoint to be able to catch problems with this REST API.
>>
>> It should be probably implemented same way as used by underlying
>> WildFly/EAP (JPA/JDBC is probably available for monitoring there). I'm
>> not sure if JMX is used there still or if some new framework is
>> available for it.
>> Or KC should use some form of KC REST API for this, which should be
>> extended by additional info from KC extensions?
>>
>> What do you think?
>>
>> Vlastimil
>>
>> P.S we have https://issues.jboss.org/browse/RHD-552 for Red Hat
>> Developer instance of KC
>>
>> --
>> Vlastimil Elias
>> Principal Software Engineer
>> jboss.org Development Team
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
--
Vlastimil Elias
Principal Software Engineer
jboss.org Development Team
More information about the keycloak-dev
mailing list