Notifications and Alerts
Keycloak event logging
Section titled “Keycloak event logging”UDS Core provides built-in logging for user activity events and administrative events for the uds
Realm.
A typical user activity event looks like the following:
{ "timestamp": "2025-09-25T09:16:27.360000000Z", "loggerName": "uds.keycloak.plugin.eventListeners.JSONLogEventListenerProvider", "eventType": "USER", "id": "00435000-25cf-4fda-a8ef-a53d9ebab77f", "time": 1758791787360, "type": "REFRESH_TOKEN", "realmId": "1e78c15a-ac93-4014-aa2f-83bbe7ec0121", "realmName": "uds", "clientId": "test-client", "userId": "cdf56084-83c7-46fa-ae4a-1a2da352071e", "sessionId": "c3be023a-8e3d-4d84-a745-413ff3565f06", "ipAddress": "127.0.0.1", "error": null, "details": { "token_id": "onltrt:bbe5a8e9-6086-445b-2833-3245d4041557", "grant_type": "refresh_token", "refresh_token_type": "Refresh", "access_token_expiration_time": "60", "updated_refresh_token_id": "49344dc5-66bc-c1d3-0d9f-3b282c70ff54", "scope": "openid email profile", "age_of_refresh_token": "1689", "refresh_token_id": "d3319e43-be42-fc6a-5da4-f43966277c6e", "client_auth_method": "client-secret" }}
Example administrative event may look like this:
{ "timestamp": "2025-09-25T08:47:33.392000000Z", "loggerName": "uds.keycloak.plugin.eventListeners.JSONLogEventListenerProvider", "eventType": "ADMIN", "id": "766d8e4b-41ce-4ec6-bef9-d1573cc9c720", "time": 1758790053392, "realmId": "uds", "realmName": "uds", "authDetails": { "realmId": "1e78c15a-ac93-4014-aa2f-83bbe7ec0121", "realmName": "master", "clientId": "38f60965-fc2c-4471-8351-02704a780945", "userId": "cdf56084-83c7-46fa-ae4a-1a2da352071e", "ipAddress": "127.0.0.1" }, "resourceType": "CLIENT", "operationType": "UPDATE", "resourcePath": "clients/8e5ed10f-fde2-4ee3-990f-b3e9bf7194c6", "representation": "{\"id\":\"8e5ed10f-fde2-4ee3-990f-b3e9bf7194c6\",\"clientId\":\"test\",\"name\":\"\",\"description\":\"\",\"rootUrl\":\"\",\"adminUrl\":\"\",\"baseUrl\":\"\",\"surrogateAuthRequired\":false,\"enabled\":true,\"alwaysDisplayInConsole\":false,\"clientAuthenticatorType\":\"client-jwt\",\"secret\":\"**********\",\"redirectUris\":[\"/*\"],\"webOrigins\":[\"/*\"],\"notBefore\":0,\"bearerOnly\":false,\"consentRequired\":false,\"standardFlowEnabled\":true,\"implicitFlowEnabled\":false,\"directAccessGrantsEnabled\":false,\"serviceAccountsEnabled\":false,\"authorizationServicesEnabled\":false,\"publicClient\":false,\"frontchannelLogout\":true,\"protocol\":\"openid-connect\",\"attributes\":{\"realm_client\":\"false\",\"oidc.ciba.grant.enabled\":\"false\",\"client.secret.creation.time\":\"1758789997\",\"backchannel.logout.session.required\":\"true\",\"standard.token.exchange.enabled\":\"false\",\"oauth2.device.authorization.grant.enabled\":\"false\",\"backchannel.logout.revoke.offline.tokens\":\"false\",\"pkce.code.challenge.method\":\"\",\"login_theme\":\"\",\"display.on.consent.screen\":\"false\",\"consent.screen.text\":\"\",\"frontchannel.logout.url\":\"\",\"frontchannel.logout.session.required\":\"true\",\"use.jwks.url\":\"false\",\"token.endpoint.auth.signing.alg\":\"\",\"token.endpoint.auth.signing.max.exp\":\"\"},\"authenticationFlowBindingOverrides\":{},\"fullScopeAllowed\":true,\"nodeReRegistrationTimeout\":-1,\"defaultClientScopes\":[\"web-origins\",\"acr\",\"profile\",\"roles\",\"email\"],\"optionalClientScopes\":[\"address\",\"phone\",\"offline_access\",\"bare-groups\",\"microprofile-jwt\"],\"access\":{\"view\":true,\"configure\":true,\"manage\":true}}", "error": null, "details": null, "resourceTypeAsString": "CLIENT"}
Master realm event logging
Section titled “Master realm event logging”Event logging is not enabled in the master
realm by default because this realm may not exist. To enable it:
- In the Keycloak Admin Console, select the
master
realm. - Go to Realm Settings > Events.
- Add
jsonlog-event-listener
to Event Listeners. - Click Save.