  • Language: Java
  • License: Apache License 2.0

Keycloak Extension for health checks

Keycloak Health Checks

A collection of health-checks for Keycloak subsystems.

Supported Checks

  1. Filesystem (Instance Level)
  2. Database (Instance Level)
  3. Infinispan Cluster state (Instance Level)
  4. LDAP User Federation (Realm Level)

Requirements

  • Keycloak 20.0.0

Compatibility

Keycloak-Health Check Version   Keycloak          Keycloak.X
15.0.2.0                        15.0.2 - 17.0.1   not supported
17.0.1.4                        17.0.1 - 18.0.1   17.0.1 - 18.0.1
19.0.3.0                        19.0.1 - 19.0.3   19.0.1 - 19.0.3
20.0.0.0                        20.0.0            not supported

Build

mvn install

Keycloak.X

Installation

Copy the keycloak-health-checks.jar file into the /providers folder of your Keycloak.X installation.

Removal

Delete the keycloak-health-checks.jar file from the /providers folder.

Configuration

The following health-check providers are supported:

  • infinispan
  • database
  • ldap
  • filesystem

To disable the filesystem health check, use the following config setting in keycloak.conf:

spi-health-filesystem-health-enabled=false

Running example

Start Keycloak and browse to: http://localhost:8080/auth/realms/master/health/check

You should now see a response like the following, with HTTP Status 200 OK:

curl -v http://localhost:8080/auth/realms/master/health/check | jq -C .
...
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Type: application/json
< Content-Length: 1090
< Date: Wed, 06 Feb 2019 19:09:42 GMT
{
  "details": {
    "database": {
      "connection": "established",
      "state": "UP"
    },
    "filesystem": {
      "freebytes": 425570316288,
      "state": "UP"
    },
    "infinispan": {
      "clusterName": "ejb",
      "healthStatus": "HEALTHY",
      "numberOfNodes": 1,
      "nodeNames": [
        "neumann"
      ],
      "cacheDetails": [
        {
          "cacheName": "realms",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "authenticationSessions",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "sessions",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "authorizationRevisions",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "work",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "clientSessions",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "keys",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "users",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "loginFailures",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "authorization",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "offlineClientSessions",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "realmRevisions",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "offlineSessions",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "actionTokens",
          "healthStatus": "HEALTHY"
        },
        {
          "cacheName": "userRevisions",
          "healthStatus": "HEALTHY"
        }
      ],
      "state": "UP"
    },
    "ldap": {
      "ldapStatus": {
        "ldap1": {
          "providerName": "ldap1",
          "status": "OK"
        }
      },
      "state": "UP"
    }
  },
  "name": "keycloak",
  "state": "UP"
}

In case a check fails, you should get a response with HTTP Status 503 SERVICE UNAVAILABLE with a body like:

{
   "details":{
      "filesystem":{
         "state":"UP"
      },
      "database":{
         "message":"javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS",
         "state":"DOWN"
      },
      "infinispan": {
         "numberOfNodes": 1,
         "state": "UP",
         "healthStatus": "HEALTHY",
         "nodeNames": [],
         "cacheDetails": [
         {
           "cacheName": "realms",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "authenticationSessions",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "sessions",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "authorizationRevisions",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "clientSessions",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "work",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "keys",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "users",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "loginFailures",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "offlineClientSessions",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "authorization",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "realmRevisions",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "offlineSessions",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "actionTokens",
           "healthStatus": "HEALTHY"
         },
         {
           "cacheName": "userRevisions",
           "healthStatus": "HEALTHY"
         }],
         "clusterName": "ISPN"
        }
   },
   "ldap": {
     "ldapStatus": {
       "ldap1": {
         "providerName": "ldap1",
         "status": "ERROR",
         "errorMessage": "LDAP Query failed",
         "hint": "Connection refused (Connection refused): localhost:13891"
       }
     },
     "state": "DOWN"
   },
   "name":"keycloak",
   "state":"DOWN"
}

You can also query the health-checks individually by appending the name of the check to the end of the /health/check endpoint URL.

The following health-checks are currently available:

  • database
  • filesystem
  • infinispan

$ curl -s http://localhost:8080/auth/realms/master/health/check/database | jq -C .
{
  "state": "UP",
  "details": {
    "connection": "established",
    "state": "UP"
  },
  "name": "database"
}

Securing the health endpoint

The health endpoint should not be directly exposed to the internet. There are multiple ways to properly secure Keycloak endpoints, such as firewalls, reverse proxies, or JBoss / WildFly specific configuration options.

The Keycloak documentation provides additional information about securing admin endpoints. The same mechanism can be used to protect the health endpoints.
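
The failure response shown earlier carries internal details: the datasource name in the database message and the LDAP host and port in the hint. As an added example (not part of this project's code), the Python functions below split a health response into an internal view listing the failing checks and a redacted view that a proxy or monitoring sidecar could pass on. The function names, the check/provider naming and the sample body are assumptions of this example.

```python
import json

# Constructed sample, trimmed from the shape of the failure response shown above.
SAMPLE_DOWN = json.loads("""
{"details": {
   "filesystem": {"state": "UP"},
   "database": {"state": "DOWN",
     "message": "javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:jboss/datasources/KeycloakDS"},
   "ldap": {"state": "DOWN", "ldapStatus": {"ldap1": {
     "providerName": "ldap1", "status": "ERROR",
     "errorMessage": "LDAP Query failed",
     "hint": "Connection refused (Connection refused): localhost:13891"}}}},
 "name": "keycloak", "state": "DOWN"}
""")


def _checks(body):
    """Yield (name, detail) for every well-formed entry under "details"."""
    details = body.get("details")
    if isinstance(details, dict):
        for name, detail in details.items():
            if isinstance(detail, dict):
                yield name, detail


def failing_checks(body):
    """Internal view: failing checks, plus failing LDAP providers as check/provider."""
    failed = []
    for name, detail in _checks(body):
        if detail.get("state") != "UP":
            failed.append(name)
        providers = detail.get("ldapStatus")
        if isinstance(providers, dict):
            failed += [f"{name}/{p}" for p, s in providers.items()
                       if not isinstance(s, dict) or s.get("status") != "OK"]
    return sorted(failed)


def redact(body):
    """External view: only name and state survive; a missing state counts as DOWN."""
    return {
        "name": body.get("name"),
        "state": body.get("state", "DOWN"),
        "details": {n: {"state": d.get("state", "DOWN")} for n, d in _checks(body)},
    }


def status_code(body):
    """Mirror the convention described above: 200 when UP, otherwise 503."""
    return 200 if body.get("state") == "UP" else 503
```

Alerting inside the trusted network can use failing_checks on the full body, while anything forwarded beyond it should carry only the output of redact.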
