Configure Keycloak audit log #522

Closed
rjferguson21 opened this issue Jun 28, 2024 · 2 comments · Fixed by defenseunicorns/uds-identity-config#171
Labels: enhancement (New feature or request), security, sso (Issues related to the SSO stack (Keycloak/Authservice))

@rjferguson21 (Contributor) commented Jun 28, 2024

We intend to satisfy AC 2.1 with auditing/events from Keycloak but these events are currently not configured to ship anywhere.

The easiest thing to do would probably be to audit and ensure:

  • all relevant login/admin events are configured correctly
  • verify they are being logged by configuring the Logging Event Listener

See: https://www.keycloak.org/docs/latest/server_admin/#configuring-auditing-to-track-events

@rjferguson21 rjferguson21 added the enhancement New feature or request label Jun 28, 2024
@mjnagel mjnagel added sso Issues related to the SSO stack (Keycloak/Authservice) security labels Jul 2, 2024

rjferguson21 commented Jul 15, 2024

Just adding a note here: @austenbryan would love metrics showing 'active users over time'. I believe this would be necessary to provide that kind of view.

I also noticed https://github.com/aerogear/keycloak-metrics-spi, which might be worth looking into, but would probably be less useful for auditing and satisfying controls.

@mjnagel mjnagel added this to the 0.25.0 milestone Jul 22, 2024
@rjferguson21 (Contributor, Author) commented

Poked at this for a second and realized we are already logging events, but they were not JSON, so I created PR #610 to enable JSON logging.

Unfortunately the default event handler prints the event information as part of its string "message" so if we actually wanted to leverage this for auditing I think we'd probably want to create a custom event listener that printed the event information as JSON. There might be existing implementations out there.

rjferguson21 added a commit that referenced this issue Jul 26, 2024
## Description
Adds optional flag to configure Keycloak to log JSON formatted logs.
Defaults to `true`.

JSON formatted log lines are preferable when doing log aggregation or
parsing and allow users to filter more sanely when viewing logs in
Grafana. This would also be a step in the direction of satisfying
auditing and reporting needs based on existing log output as mentioned
in #522.

Note: This falls short of addressing our auditing/reporting needs for
Keycloak as event log information is surfaced in the log line as a
`message` field which ends up being a string regardless of this PR.

## Related Issue
Relates to #522 

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor
Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)
followed

Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
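The gap that the comment above and the commit note both point at (event data buried as a `key=value` string inside the JSON log's `message` field), worked through as an added example that is not part of this issue, PR #610, or the uds-core/uds-identity-config code: a small Python script that reads Keycloak's JSON log lines, pulls the event string out of `message` as written by the default JBoss logging event listener, and turns it into structured records that can be queried for audit purposes (failed logins per source IP, distinct users who logged in). The sample log lines are constructed, and the exact layout of the `message` string (field order, `userId=null` for an absent user, `operationType=` leading admin events) is an assumption about that listener's output rather than something the issue states; values containing commas are not handled.

```python
import json
import re
from typing import Any, Dict, Iterable, List, Optional, Set

# Constructed sample lines modelled on Keycloak's JSON console output with the
# default JBoss logging event listener (logger "org.keycloak.events"). The
# key=value layout of "message" is an assumption about that listener's format.
SAMPLE_LOG_LINES = [
    '{"timestamp":"2024-07-15T14:02:11.301Z","level":"DEBUG","loggerName":"org.keycloak.events",'
    '"message":"type=LOGIN, realmId=uds, clientId=grafana, userId=2f8e1c0a, ipAddress=10.42.0.7, '
    'auth_method=openid-connect, username=alice"}',
    '{"timestamp":"2024-07-15T14:03:45.870Z","level":"WARN","loggerName":"org.keycloak.events",'
    '"message":"type=LOGIN_ERROR, realmId=uds, clientId=grafana, userId=null, ipAddress=10.42.0.7, '
    'error=invalid_user_credentials, auth_method=openid-connect, username=alice"}',
    '{"timestamp":"2024-07-15T14:10:02.004Z","level":"DEBUG","loggerName":"org.keycloak.events",'
    '"message":"operationType=CREATE, realmId=uds, clientId=admin-cli, userId=9b1d7e3f, '
    'ipAddress=10.42.0.9, resourceType=USER, resourcePath=users/5c0a2b1e"}',
    # Unrelated server line: must be ignored, not mis-parsed as an event.
    '{"timestamp":"2024-07-15T14:10:03.100Z","level":"INFO","loggerName":"io.quarkus",'
    '"message":"Keycloak started"}',
]

# One "key=value" pair followed by ", " or end of string. Values are assumed
# not to contain commas (a limitation of parsing the flat string form).
_KV_RE = re.compile(r"(\w+)=([^,]*)(?:,\s*|$)")


def parse_event_message(message: str) -> Optional[Dict[str, Any]]:
    """Turn the listener's 'k=v, k=v' message into a dict, or None if it is not an event."""
    if not (message.startswith("type=") or message.startswith("operationType=")):
        return None
    fields: Dict[str, Any] = {}
    for key, value in _KV_RE.findall(message):
        # The listener prints a literal "null" for an absent user id.
        fields[key] = None if value == "null" else value
    fields["event_class"] = "admin" if "operationType" in fields else "user"
    return fields


def parse_log_line(line: str) -> Optional[Dict[str, Any]]:
    """Parse one JSON log line into a structured audit record, or None if irrelevant."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return None
    if record.get("loggerName") != "org.keycloak.events":
        return None
    event = parse_event_message(record.get("message", ""))
    if event is None:
        return None
    event["timestamp"] = record.get("timestamp")
    return event


def audit_records(lines: Iterable[str]) -> List[Dict[str, Any]]:
    """All Keycloak event records found in the given log lines, in order."""
    return [r for r in (parse_log_line(line) for line in lines) if r is not None]


def failed_logins_by_ip(records: Iterable[Dict[str, Any]]) -> Dict[str, int]:
    """Count LOGIN_ERROR user events per source IP (a basic brute-force signal)."""
    counts: Dict[str, int] = {}
    for r in records:
        if r["event_class"] == "user" and r.get("type") == "LOGIN_ERROR":
            counts[r["ipAddress"]] = counts.get(r["ipAddress"], 0) + 1
    return counts


def active_user_ids(records: Iterable[Dict[str, Any]]) -> Set[str]:
    """Distinct users with a successful LOGIN: the raw material for an 'active users over time' view."""
    return {
        r["userId"]
        for r in records
        if r["event_class"] == "user" and r.get("type") == "LOGIN" and r.get("userId")
    }


if __name__ == "__main__":
    recs = audit_records(SAMPLE_LOG_LINES)
    for rec in recs:
        print(json.dumps(rec, sort_keys=True))
    print("failed logins by ip:", failed_logins_by_ip(recs))
    print("active users:", sorted(active_user_ids(recs)))
```

For these lines to exist at all, the realm needs the `jboss-logging` event listener enabled and the `org.keycloak.events` logger at DEBUG (for example `--log-level=org.keycloak.events:debug`), since by default that listener writes successful events at DEBUG and only errors at WARN. Parsing the string is a stopgap; a custom event listener that emits the event as its own JSON fields, as the comment above suggests, avoids the comma and field-order fragility entirely.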
@UnicornChance UnicornChance self-assigned this Jul 26, 2024
@UnicornChance UnicornChance linked a pull request Jul 30, 2024 that will close this issue