How to dump HTTP requests in Keycloak?

Understanding the HTTP requests flow through your Keycloak server can be helpful for debugging purposes and analyzing user interactions. This article will teach you how you can dump incoming HTTP requests in Keycloak distribution powered by Quarkus.

Configuring Access Logs in Keycloak

Firstly, if you are new to Keycloak distribution with Quarkus we recommend checking this article: Getting started with Keycloak powered by Quarkus

In general terms, the core Keycloak configuration is defined in the $KEYCLOAK_HOME/conf/keycloak.conf file. However, enabling HTTP request dump is not a core Keycloak functionality. Therefore, you need to fallback to Quarkus configuration in order to enable it.

To do that, follow these steps:

  • Create a file in the $KEYCLOAK_HOME/conf folder
  • Within it, enable access-log to true
  • Set access-log pattern to long

Here is a sample file:


Out of the box, you will find the access logs in the quarkus.log file in the same folder where you started Keycloak/Quarkus:

keycloak access logs dump logs

Using environment properties to enable Access Logs

On the other hand, you can also use the following environment properties to enable access logs and therefore the HTTP Request dump for your Keycloak Server:



In this article we have covered how to configure Access Logs in keycloak/Quarkus distribution in order to enable the dump of HTTP Requests. On the other hand, If you’re primarily interested in analyzing successful authentication flows, consider reviewing Keycloak’s built-in audit events. These events provide information about successful login attempts, user consent activities, and other administrative actions.