[keycloak-user] Accounts Logs

Thu May 2 18:16:32 EDT 2019

Makes sense. I'm working on setting some instances for sending syslogs to,
so that should work. Thanks :)
--
Aaron Echols

On Thu, May 2, 2019 at 2:03 PM Dmitry Telegin <demetrio at carretti.pro> wrote:

> You're welcome :)
>
> You can definitely hide this section using custom account theme (by
> overriding account/template.ftl), but you will also need to prohibit access
> to the actual URL (/auth/realms/{realm}/account/log), using e.g. Undertow
> rules. I know this sounds like a hack, and I hope this will be addressed in
> the forthcoming React.js rewrite of the account console.
>
> Alternatively, you could disable event store in Keycloak and set up event
> listener to forward events to Logstash/Splunk or similar system, which will
> also give you more powerful and versatile analysis.
>
> Cheers,
> Dmitry
>
> On Thu, 2019-05-02 at 13:31 -0700, Aaron Echols wrote:
> > Thanks Dmitry!
> >
> > There is no way to hide it in the UI without disabling it the login
> events? Seems like it kind of defeats the purpose of login events and being
> able to track a hacked account, etc.
> >
> > Thanks again :)
> > --
> > Aaron Echols
> >
> > > On Thu, May 2, 2019 at 1:21 PM Dmitry Telegin <demetrio at carretti.pro>
> wrote:
> > > Hi Aaron,
> > >
> > > Here you go: Events -> Config -> Login Events Settings -> Save Events
> = OFF
> > >
> > > Visibility of the logs section in the Account UI directly depends on
> this setting [1].
> > >
> > > [1]
> https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/services/resources/account/AccountFormService.java#L175
> > >
> > > Cheers,
> > > Dmitry
> > >
> > > On Wed, 2019-05-01 at 10:11 -0700, Aaron Echols wrote:
> > > > Hello All,
> > > >
> > > > I'm been pulling my hair out on this one. I setup a DEV instance of
> > > > Keycloak to test some theming and one thing I've noticed, is that
> when
> > > > using a realms account page, Logs is disabled in DEV
> > > >
> > > > I can't figure out how to disable that in my PROD instance. I'd like
> to
> > > > hide that for all users, as my users won't understand what any of
> that
> > > > means.
> > > >
> > > > Currently in PROD, when going to any users account page you see the
> > > > following layout:
> > > >
> > > > * Account
> > > > * Password
> > > > * Authenticator
> > > > * Sessions
> > > > * Applications
> > > > * Logs
> > > >
> > > > In DEV, I see:
> > > >
> > > > * Account
> > > > * Password
> > > > * Authenticator
> > > > * Sessions
> > > > * Applications
> > > >
> > > > That's what I'd like to see in PROD as well. I'm hoping it's
> something
> > > > simple I'm missing. Thanks in advance. :)
> > > > --
> > > > Aaron Echols
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
>
>