Keycloak Logs Reimagined for Modern Observability

Keymate extends Keycloak with a purpose-built event and logging framework—tracking all extensions, custom endpoints, and session flows with OpenTelemetry-powered signals. Everything is structured, tenant-aware, and policy-sensitive by design.

Beyond Defaults—Telemetry-Ready, Policy-Aware, Multi-Tenant Logging for IAM Core

From Basic Realm Logs to Enterprise-Grade Audit Streams

Out of the box, Keycloak offers limited logging and coarse-grained event hooks. Keymate enhances this with:

Custom SPI (Service Provider Interface) listeners for all key flows
Support for custom authenticators, mappers, endpoints, and providers
Structured event format across all modules
Context-aware tagging (tenant, user, org-unit, session, trace ID)
OTLP export to OpenTelemetry Collector
SigNoz, Kafka, SIEM-ready integration

This means login flows, token enrichment, impersonation, delegated roles, and session notes are all auditable—with fine-grained, real-time traceability.

Enhanced Event & Logging Framework for Keycloak

Enhanced Keycloak event and logging framework that provides enterprise-grade audit streams with OpenTelemetry integration and structured, tenant-aware logging.

Example: Telemetry-ready, policy-aware, multi-tenant logging for IAM core

Key Components:

Custom SPI Listeners
Structured Event Format
OpenTelemetry Export
Multi-Tenant Tagging
Session-Scoped Observability

What Makes It Unique

Custom Keycloak Event Framework

Unified event structure across all custom extensions and endpoints

Full SPI Integration

Captures events from custom authenticators, mappers, login flows

Structured JSON Logs

Ready for OTLP, Kafka, or file-based log ingestion

Multi-Tenant Tagging

Every log includes tenant, org, and delegated context

Session-Scoped Observability

Logs are tied to session IDs and trace IDs

Streaming to OpenTelemetry Collector

Logs exported via OTLP to SigNoz or any compatible backend

Immutable Audit Mode (Optional)

WORM-compatible log routing for sensitive actions

Custom Event Enrichment

Logs include action metadata, actor attributes, and context roles

Frequently Asked Questions

No—it extends it. We add deeper, structured, traceable logs for all custom and default flows.
Yes. All logs are formatted and streamed via OTLP to SigNoz, Kafka, Elasticsearch, or other destinations.
Yes. Every event includes acting role, real user ID, and impersonation context if applicable.
Yes. Events across the whole session carry the same trace ID and session ID for full correlation.
Yes. You can extend or disable specific modules and route logs by severity or action type.

How to Use This Feature

Follow these steps to enable enhanced Keycloak logging with modern observability.

Implementation Steps

1. Enable Keycloak Event Extension Module from Admin Console
2. Deploy Keymate-customized Keycloak distribution with embedded event SPI listeners
3. Configure OTLP target and log routing (SigNoz, Kafka, File)
4. Correlate events across login, token issuance, impersonation, and access flow
5. Define alert rules or retention strategies per tenant, action, or log level
6. Use SigNoz dashboards or Elastic queries to visualize activity and detect anomalies
