[keycloak-user] Accounts Logs
Dmitry Telegin
demetrio at carretti.pro
Thu May 2 17:03:25 EDT 2019
You're welcome :)
You can definitely hide this section using custom account theme (by overriding account/template.ftl), but you will also need to prohibit access to the actual URL (/auth/realms/{realm}/account/log), using e.g. Undertow rules. I know this sounds like a hack, and I hope this will be addressed in the forthcoming React.js rewrite of the account console.
Alternatively, you could disable event store in Keycloak and set up event listener to forward events to Logstash/Splunk or similar system, which will also give you more powerful and versatile analysis.
Cheers,
Dmitry
On Thu, 2019-05-02 at 13:31 -0700, Aaron Echols wrote:
> Thanks Dmitry!
>
> There is no way to hide it in the UI without disabling it the login events? Seems like it kind of defeats the purpose of login events and being able to track a hacked account, etc.
>
> Thanks again :)
> --
> Aaron Echols
>
> > On Thu, May 2, 2019 at 1:21 PM Dmitry Telegin <demetrio at carretti.pro> wrote:
> > Hi Aaron,
> >
> > Here you go: Events -> Config -> Login Events Settings -> Save Events = OFF
> >
> > Visibility of the logs section in the Account UI directly depends on this setting [1].
> >
> > [1] https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java#L175
> >
> > Cheers,
> > Dmitry
> >
> > On Wed, 2019-05-01 at 10:11 -0700, Aaron Echols wrote:
> > > Hello All,
> > >
> > > I'm been pulling my hair out on this one. I setup a DEV instance of
> > > Keycloak to test some theming and one thing I've noticed, is that when
> > > using a realms account page, Logs is disabled in DEV
> > >
> > > I can't figure out how to disable that in my PROD instance. I'd like to
> > > hide that for all users, as my users won't understand what any of that
> > > means.
> > >
> > > Currently in PROD, when going to any users account page you see the
> > > following layout:
> > >
> > > * Account
> > > * Password
> > > * Authenticator
> > > * Sessions
> > > * Applications
> > > * Logs
> > >
> > > In DEV, I see:
> > >
> > > * Account
> > > * Password
> > > * Authenticator
> > > * Sessions
> > > * Applications
> > >
> > > That's what I'd like to see in PROD as well. I'm hoping it's something
> > > simple I'm missing. Thanks in advance. :)
> > > --
> > > Aaron Echols
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
More information about the keycloak-user
mailing list