Keycloak exporter

  • Linux

  • Windows

The Keycloak exporter is used to extract statistics and status information from Keycloak.

Configuration

The exporter is provided via a Service Provider Interface (SPI) and can be downloaded here: GitHubhttps://github.com/aerogear/keycloak-metrics-spi/releases/latest[- Keycloak Metrics SPI,window=_blank]

  1. Place the file keycloak-metrics-spi.jar in the Keycloak directory [Pfad zum Keycloak]/providers/.

  2. Start Keycloak again.

  3. Activate SPI in Keycloak in each realm for which metrics are to be supplied.
    To do this, go to Manage > Events > Config in the realm settings and add the metrics listener to the event listeners:

    Configuration of the keycloak exporter events

The metrics can now be called up via the following URL: https://[hostname]/auth/realms/[realm]/metrics

The data for all realms is contained under one URL. You can also call up the master realm here, even if no event listener has been configured.

Set up exporter

As the exporter is not accessible at [hostname]/metrics, metrics_path must also be transferred here:

  - job_name: 'keycloak'
    metrics_path: /auth/realms/master/metrics
    static_configs:
        - targets: ['hostname']
          labels:
            instance: 'Keycloak Test'

Set up dashboard

See Keycloak metrics dashboard

Security

Unfortunately, the SPI does not offer any option to restrict access to the metrics. This means that by default, everyone who has access to Keycloak has access to this URL. For this reason, it is also recommended to restrict access via a proxy.

Press Esc to exit full screen
Modal image placeholder
Press Esc to exit full screen