Skip to main content
Version: NG-2.14

Keycloak

Introduction

Keycloak is an open-source Identity and Access Management (IAM) solution developed by Red Hat. It provides authentication, authorization, and user management capabilities for web applications and services. Keycloak is built on top of widely used standards such as OAuth 2.0, OpenID Connect, and SAML.

Getting Started

Compatibility

vuSmartMaps supports the monitoring of the keycloak metric using prometheus endpoint.

Data Collection Method

vuSmartMaps collects health and performance data for Keycloak using VuNet's Internal Data Collector.

Prerequisites

Inputs for Configuring Data Source

Firewall Requirement

To collect data from this O11ySource, ensure the following ports are opened:

Source IPDestination IPDestination PortProtocolDirection
vuSmartMaps IPKeycloak Server8080*TCPOutbound

*Before providing the firewall requirements, please update the port based on the customer environment.

Configuring the Target

Health and Performance metrics from prometheus endpoint. User has to add the Keycloak Metrics SPI - a Service Provider that adds a metrics endpoint to Keycloak. This endpoint returns metrics data ready to be scraped by Prometheus. Please refer the documentation here to get more detail, how to enable the endpoint.

Two distinct providers are defined:

  • MetricsEventListener to record the internal Keycloak events
  • MetricsEndpoint to expose the data through a custom endpoint

The endpoint is available under <base url>/realms/<realm>/metrics (Quarkus). It will return data for all realms.

Configuration Steps

  • Enable the O11ySource.
  • Select the sources tab and press the + button to add a new instance that has to be monitored.
  • Provide the required configurations:
  • *Keycloak Server
  • *Period (in seconds)
  • *URL
  • Click Save to close the data source window.

Metrics Collected

NameDescriptionData Type
@timestampTime when the metric was collected by TelegrafString
timestampPrecise time when the metric was collected (with milliseconds)DateTime64(3)
vublock_nameName of the VU block in KeycloakLowCardinality(String)
targetTarget system or service being monitoredString
hostName or IP of the Keycloak instance hostString
tenant_idID of the tenant in KeycloakLowCardinality(String)
bu_idID of the business unit in KeycloakLowCardinality(String)
tags_hostHost-related tags in the context of the Keycloak environmentString
tags_poolTags representing the connection pool used by KeycloakLowCardinality(String)
tags_gcTags related to garbage collection within KeycloakLowCardinality(String)
tags_runtimeTags indicating the runtime environment of KeycloakLowCardinality(String)
tags_urlTags related to the URL being accessed in KeycloakLowCardinality(String)
tags_areaTags defining different areas or domains within KeycloakLowCardinality(String)
tags_stateTags related to the state of Keycloak components or servicesLowCardinality(String)
tags_realmTags identifying the realm in KeycloakLowCardinality(String)
tags_resourceTags specifying the resource being accessed or protected in KeycloakLowCardinality(String)
tags_client_idID of the client in KeycloakLowCardinality(String)
tags_providerTags indicating the identity provider (IdP) used in KeycloakLowCardinality(String)
tags_methodHTTP method used in the Keycloak request (GET, POST, etc.)LowCardinality(String)
tags_codeHTTP status code returned by KeycloakLowCardinality(String)
tags_errorError returned by KeycloakLowCardinality(String)
tags_leLatency-related tags used to track Keycloak request durationsLowCardinality(String)
nameName of the specific Keycloak metricLowCardinality(String)
metric_nameIdentifier for the metric being collectedLowCardinality(String)
metric_valueThe actual value of the Keycloak metricFloat64
metric_value_diffDifference in metric value since the last collectionFloat64