[keycloak-dev] Operational monitoring of Keycloak server

Vlastimil Elias velias at redhat.com
Mon Jul 13 11:06:34 EDT 2015

Looks like I have to look at WildFly/EAP DMR to see what is possible to 
do with it, as I'm not sure if it is about remote monitoring also and 
if/how it can be use from monitoring systems like Splunk.


On 13.7.2015 15:26, Stian Thorgersen wrote:
> In WildFly/EAP that's DMR right? We're planning to make Keycloak managable through that as well. For example everything that goes into keycloak-server.json will eventually be moved to standalone.xml. Same with admin endpoints, everything you can do there you'll eventually be able to do through DMR and jboss-cli as well.
> However, IMO it would make sense to at least expose Keycloak specific information through the admin endpoints and console as well. Such number of sessions, etc..
> ----- Original Message -----
>> From: "Vlastimil Elias" <velias at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Monday, 13 July, 2015 3:17:16 PM
>> Subject: [keycloak-dev] Operational monitoring of Keycloak server
>> Hi,
>> as we deployed KC to production mode for https://developers.redhat.com
>> we started to think about operational monitoring, for example from
>> Nagios or other systems of this type.
>> KC user guide doesn't contain any chapter covering this topic, also no
>> any success over google search, so looks like KC doesn't have any
>> solution for this yet.
>> But I believe this is an important area which must be solved when KC is
>> used for production.
>> I can imagine monitoring of JDBC connection if JPA is used, monitoring
>> of Mongo connection if used as store, monitoring of LDAP connection if
>> LDAP federation is used etc.
>> Also some statistics like numbers of active sso session, number of
>> logins per minute etc should be provided there.
>> Monitoring is not about Keycloak core itself, it should be available for
>> extension developers also. For example we implemented own
>> UserFederationProvider which calls backend REST services.
>> We should be able to add info about this integration into monitoring
>> endpoint to be able to catch problems with this REST API.
>> It should be probably implemented same way as used by underlying
>> WildFly/EAP (JPA/JDBC is probably available for monitoring there). I'm
>> not sure if JMX is used there still or if some new framework is
>> available for it.
>> Or KC should use some form of KC REST API for this, which should be
>> extended by additional info from KC extensions?
>> What do you think?
>> Vlastimil
>> P.S we have https://issues.jboss.org/browse/RHD-552 for Red Hat
>> Developer instance of KC
>> --
>> Vlastimil Elias
>> Principal Software Engineer
>> jboss.org Development Team
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev

Vlastimil Elias
Principal Software Engineer
jboss.org Development Team

More information about the keycloak-dev mailing list