In KeyCLoak 14.0, I’m trying to configure access-log to also include username (or some ID of the user) when a user is logged in. In standalone.xml, I configured
XML:/server/profile/subsystem[@xmlns=“urn:jboss:domain:undertow:12.0”]/server/host/access-log/@pattern
pattern="%h %l %u %t “%r” %s/%S %b %T %I “%{i,User-Agent}”"
The log gets correctly printed in the file I configured. However, the value of %u is always empty (that is “-”).
The only way to log some user ID I found was logging session cookie value with
%{c,KEYCLOAK_SESSION}
Which isn’t a good idea to do in production.
Any idea on how to log username or userID in access-log?
Is it a bug that %u is empty even when there is an active user session?
Alternativelly, how to put the userID in some header to use one of the following?
- %{i,xxx} for incoming headers
- %{o,xxx} for outgoing response headers
- %{c,xxx} for a specific cookie
- %{r,xxx} where xxx is an attribute in the ServletRequest
- %{s,xxx} where xxx is an attribute in the HttpSession