Red Hat SSO - Keycloak monitoring by Instana

By Shibu N posted 12 days ago

  

Keycloak

Keycloak is an open source tool for SSO-based identity and access management that can be used as a single source for authentication and access to multiple services. This removes the hassles of creating and maintaining the login and user management forms. Enabling SSO allows users to access multiple applications with a single active session. Keycloak can be configured to authenticate users through LDAP, Active Directory servers, and data available in relational databases. It supports role-based and fine-grained authorization services. You can manage permissions for all your services from the Keycloak admin console which gives you the power to define the policies you need. For more details on the Keycloak project, see https://www.keycloak.org/.

Red Hat SSO

Red Hat SSO is based on the Keycloak project. You can secure your web applications by providing Web SSO capabilities based on popular standards such as OpenID Connect, OAuth 2.0, and SAML 2.0. The Red Hat SSO server acts as an OpenID Connect or SAML-based identity provider (IdP). The Red Hat SSO server can use a third-party IdP or an enterprise user directory for securing your applications through standards-based security tokens. Keycloak supports role-based and fine-grained authorization services. You can manage permissions for all your services from the admin console, and it gives you the power to define the policies you need. For more information on Red Hat SSO and the supported configurations, see https://access.redhat.com/products/red-hat-build-of-keycloak.

Red Hat SSO is part of the core infrastructure at many organizations for access management. Monitoring Red Hat SSO effectively is vital in ensuring the security and availability of the enterprise IT infrastructure. The out-of-the-box metrics that come with Keycloak provide insights into the underlying JBoss EAP platform that Red Hat SSO runs on rather than the Keycloak-specific metrics such as the number of successful logins, failures, client logins, and so on. The Keycloak-specific metrics provide more insights into the activities.

To install Red Hat SSO and set up client applications, see Chapter 1. Installing a sample instance of Red Hat Single Sign-On.

Aerogear Keycloak Metrics API

Aerogear Keycloak Metrics API is a Keycloak extension that provides extended metrics by leveraging the Keycloak eventing capabilities and exposing the underlying metrics captured on predefined endpoints. The general structure of the endpoint is <baseurl>/realms/<realmname>/metrics, for example, http://localhost:8080/auth/realms/demo/metrics.

To enable Aerogear Keycloak Metrics API for Red Hat SSO:

  1. Download the metrics SPI jar file. Use an older version, 2.5.1, for Red Hat SSO, because later versions require Java SDK 17 and later, whereas Red Hat SSO supports SDK 1.8 to 1.11. Copy the jar file to the “<RHSSO_HOME>/standalone/deployments” folder and it will be hot deployed.

  2. Enable the metrics for each realm in which you want them to be available. Log on to the Red Hat web console and select Events: http://localhost:8080/auth/admin/master/console/#/realms/<realmname>/events-settings

Enable events monitoring for the realms individually.

Note:

In the recent version of Red Hat SSO Keycloak, the supported JDK version is 1.17, and the latest version of the Aerogear metrics API is supported. Copy the metrics-api-<version>/jar files into the <rhsso-installation>/providers folder.
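
Once a realm's metrics endpoint is serving data, the login counters can be checked directly before they are wired into a dashboard. The following Python code is an added example, not code from the original post or from the Aerogear project: it parses a constructed sample scrape and flags realm/client pairs where failed logins dominate. The metric names keycloak_logins and keycloak_failed_login_attempts, their labels, and the thresholds are assumptions to verify against what your own endpoint returns.

```python
import re
from collections import defaultdict

# Constructed sample of the text a /realms/<realmname>/metrics scrape returns.
# Metric and label names are assumptions; check them against your own endpoint.
SAMPLE_SCRAPE = '''\
# TYPE keycloak_logins counter
keycloak_logins{realm="demo",provider="keycloak",client_id="account",} 120.0
keycloak_logins{realm="demo",provider="keycloak",client_id="portal",} 40.0
# TYPE keycloak_failed_login_attempts counter
keycloak_failed_login_attempts{realm="demo",provider="keycloak",error="invalid_user_credentials",client_id="account",} 6.0
keycloak_failed_login_attempts{realm="demo",provider="keycloak",error="invalid_user_credentials",client_id="portal",} 55.0
keycloak_failed_login_attempts{realm="demo",provider="keycloak",error="user_not_found",client_id="portal",} 25.0
'''

# Accept the counter with or without a "_total" suffix.
SAMPLE_RE = re.compile(
    r'^keycloak_(logins|failed_login_attempts)(?:_total)?\{([^}]*)\}\s+(\S+)')
LABEL_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def login_counters(scrape):
    """Sum successes and failures per (realm, client_id) across other labels."""
    totals = defaultdict(lambda: {"logins": 0.0, "failed_login_attempts": 0.0})
    for line in scrape.splitlines():
        m = SAMPLE_RE.match(line)
        if not m:  # comment lines, blank lines, unrelated metrics
            continue
        kind, raw_labels, value = m.groups()
        labels = dict(LABEL_RE.findall(raw_labels))
        key = (labels.get("realm", "?"), labels.get("client_id", "?"))
        totals[key][kind] += float(value)
    return dict(totals)


def noisy_clients(scrape, max_failure_ratio=0.5, min_attempts=20):
    """Return {(realm, client_id): ratio} where failures dominate attempts."""
    flagged = {}
    for key, c in login_counters(scrape).items():
        attempts = c["logins"] + c["failed_login_attempts"]
        if attempts >= min_attempts:
            ratio = c["failed_login_attempts"] / attempts
            if ratio > max_failure_ratio:
                flagged[key] = round(ratio, 3)
    return flagged


if __name__ == "__main__":
    print(noisy_clients(SAMPLE_SCRAPE))
```

The counters are cumulative, so in practice compare two scrapes taken an interval apart rather than the lifetime totals.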

Configuring the Instana Prometheus sensor

Instana is a fully automated application performance management (APM) solution. Instana automatically discovers and monitors the ever-changing infrastructure that makes up a modern application.

With Instana, it is easy to capture Prometheus metrics and correlate them by using the extensive knowledge graph. After you install the Instana host agent, the Instana Prometheus sensor is automatically installed. Enable and configure the Prometheus sensor on Instana. The Instana configuration file is available at <agent_install_dir>/etc/instana/configuration.yaml.

After the sensor is configured, the Prometheus app is displayed in your Instana host dashboard as shown in the figure.

Conclusion

A custom home dashboard with the metrics that you want to watch can be created on Instana. For more details on building custom dashboards, see Building custom dashboards.