CODEWITHSUNDEEP
keycloak
Paul
Paul

Reputation: 271

how to read Keycloak user last logged in events

I want to be able to read user last logged in event(Keycloak). So I have read through the keycloak docs and could not find any admin api that accomplishes this. what I did so far was to add a SPI section on the standalone-ha-xml file and enable the Login event on keycloak interface. I know that these logs are store in a file called audit.log and in a JSON format. So I am not sure if it will be a good idea to try to read this file and find out when was the last time a user has logged in. any ideas?

<audit-logging>
  <file-audit-log name="local-audit" path="audit.log" relative-to="jboss.server.log.dir" format="JSON"/>
</audit-logging>

<spi name="eventsListener">
     <default-provider>jboss-logging</default-provider>
       <provider name="jboss-logging" enabled="true">
         <properties>
           <property name="success-level" value="info"/>
           <property name="error-level" value="warn"/>
        </properties>
       </provider>
</spi>

Upvotes: 2

Views: 23037

Answers (1)

matejko219
matejko219

Reputation: 1771

I think there is a better way to do this. At first you need to open Events menu and then select Config tab. Check Save Events option in Login Events Settings group. You can specify types (LOGIN) and expiration too (for how long it will be stored). Then you can read them using admin API GET /{realm}/events docs (authorization required)

https://{host}:{port}/auth/admin/realms/{realm}/events?type=LOGIN

Or you can query for them in Keycloak database but I think first option is better:

SELECT id, client_id, details_json, error, ip_address, realm_id, session_id, event_time, type, user_id 
FROM event_entity WHERE type = 'LOGIN';

Upvotes: 25

Related Questions