Understanding the HTTP requests flow through your Keycloak server can be helpful for debugging purposes and analyzing user interactions. This article will teach you how you can dump incoming HTTP requests in Keycloak distribution powered by Quarkus.
Configuring Access Logs in Keycloak
Firstly, if you are new to Keycloak distribution with Quarkus we recommend checking this article: Getting started with Keycloak powered by Quarkus
In general terms, the core Keycloak configuration is defined in the $KEYCLOAK_HOME/conf/keycloak.conf
file. However, enabling HTTP request dump is not a core Keycloak functionality. Therefore, you need to fallback to Quarkus configuration in order to enable it.
To do that, follow these steps:
- Create a
quarkus.properties
file in the$KEYCLOAK_HOME/conf
folder - Within it, enable access-log to true
- Set access-log pattern to long
Here is a sample quarkus.properties
file:
quarkus.http.access-log.enabled=true quarkus.http.access-log.pattern=long quarkus.http.access-log.log-to-file=true quarkus.http.access-log.rotate=true
Out of the box, you will find the access logs in the quarkus.log
file in the same folder where you started Keycloak/Quarkus:
Using environment properties to enable Access Logs
On the other hand, you can also use the following environment properties to enable access logs and therefore the HTTP Request dump for your Keycloak Server:
QUARKUS_HTTP_ACCESS_LOG_ENABLED=true QUARKUS_HTTP_ACCESS_LOG_PATTERN=long QUARKUS_HTTP_ACCESS_LOG_LOG_TO_FILE=true QUARKUS_HTTP_ACCESS_LOG_ROTATE=true
Conclusion
In this article we have covered how to configure Access Logs in keycloak/Quarkus distribution in order to enable the dump of HTTP Requests. On the other hand, If you’re primarily interested in analyzing successful authentication flows, consider reviewing Keycloak’s built-in audit events. These events provide information about successful login attempts, user consent activities, and other administrative actions.