Question - MetricsEventListener - getClientId - event - context check #116

Closed
opened 2025-03-18 12:31:19 +01:00 by hbmuc1970 · 3 comments
hbmuc1970 commented 2025-03-18 12:31:19 +01:00 (Migrated from github.com)

Hello,

if I try out your event listener with account and account console clients provided by Keycloak:

http://localhost:8080/auth/realms/sample-realm/account/

login and logout - I do not get the client in the LOGOUT metrics client label because the event is created by account-console, but the check finds account client in the Keycloak context. Then I just get UNKNOWN because of the mismatch. I get the account-console as client e.g. for the LOGIN event.

As there is already a clientId in the event itself, is this extra event clientId - context clientId check really necessary? - correct?

https://github.com/kokuwaio/keycloak-event-metrics/blob/main/src/main/java/io/kokuwa/keycloak/metrics/event/MetricsEventListener.java

```java
private String getClientId(String clientId) {
    return Optional.ofNullable(session.getContext())
            .map(KeycloakContext::getClient)
            .filter(model -> Objects.equals(model.getClientId(), clientId))
            .map(ClientModel::getClientId)
            .orElseGet(() -> {
                log.tracev("Client for id {0} is unknown", clientId);
                return "UNKNOWN";
            });
}
```

I don't yet understand how these 2 Keycloak clients work - but I have 2 correct clients and get UNKNOWN?

I'm using Keycloak 24.0.5.

Best Regards, Hermann

sschnabe commented 2025-04-28 14:21:31 +02:00 (Migrated from github.com)

The clientId at the event is always set, even if there exists no client with the given clientId in Keycloak. The line [MetricsEventListener.java#L73](https://github.com/kokuwaio/keycloak-event-metrics/blame/main/src/main/java/io/kokuwa/keycloak/metrics/event/MetricsEventListener.java#L73) checks if the event clientId matches the clientId from context. If the clientId is unknown to Keycloak the client from context would be null. This line is maybe obsolete because Line #72 already checks for missing client.

This was introduced with #105/#100 to mitigate clientId spamming.
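
The three situations described in this thread, run through the quoted check and through a null-check-only variant. This is an added example, not part of the thread or the project's code; `ContextClient` is a hypothetical stand-in for Keycloak's `ClientModel`, and all case data is constructed.

```java
import java.util.List;
import java.util.Objects;
import java.util.Optional;

// Added illustration: ContextClient stands in for Keycloak's ClientModel; the
// ctx argument stands in for session.getContext().getClient() (null if unknown).
public class ClientLabelDemo {

    record ContextClient(String clientId) {}

    // Same shape as the getClientId quoted in the issue: a label is emitted only
    // when the context client exists AND its id equals the event's clientId.
    static String labelWithMatch(String eventClientId, ContextClient ctx) {
        return Optional.ofNullable(ctx)
                .filter(c -> Objects.equals(c.clientId(), eventClientId))
                .map(ContextClient::clientId)
                .orElse("UNKNOWN");
    }

    // Variant without the equality filter: only the null check remains. The
    // label is then the context client's id, never the raw event value, so
    // eventClientId is deliberately unused here.
    static String labelNullCheckOnly(String eventClientId, ContextClient ctx) {
        return Optional.ofNullable(ctx)
                .map(ContextClient::clientId)
                .orElse("UNKNOWN");
    }

    public static void main(String[] args) {
        // Constructed cases: {event type, event clientId, context clientId or null}
        List<String[]> cases = List.of(
                new String[] {"LOGIN", "account-console", "account-console"},
                new String[] {"LOGOUT", "account-console", "account"},
                new String[] {"LOGIN_ERROR", "made-up-4711", null});
        for (String[] c : cases) {
            ContextClient ctx = c[2] == null ? null : new ContextClient(c[2]);
            System.out.printf("%-12s event=%-16s context=%-16s match=%-16s nullCheckOnly=%s%n",
                    c[0], c[1], c[2], labelWithMatch(c[1], ctx), labelNullCheckOnly(c[1], ctx));
        }
    }
}
```

Both variants keep an unregistered clientId out of the metric label; they differ only in the mismatch row, where the null-check-only variant reports the context client (`account`) rather than the event's `account-console`.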

sschnabe commented 2025-04-28 14:24:05 +02:00 (Migrated from github.com)

I also tried to reproduce your issue with Keycloak 26.2.1 but I failed. Do you have a hint how to reproduce? E.g. `realm.json` to import.


No response on GitHub, closed.

stephan.schnabel self-assigned this 2025-05-28 14:55:51 +02:00
Reference: kokuwaio/keycloak-event-metrics#116