Server configuration file location

I’m trying to see the information that comes from social idp. On keycloak documentation here it says that I can enable DEBUG log level for org.keycloak.social.user_profile_dump to see data coming from social idp.I cannot find its location. I’m using quay image version 17.0.0 running it in dev mode (start-dev)

This refers still to the legacy log config.
With KC17, this has changed. See here to configure logging.

The case of social debug logging, it should be (untested, just translated from legacy to current):
log-level=INFO,org.keycloak.social.user_profile_dump=debug

This refers to setting log level before running keycloak app. I’m working on docker environment where keycloak is already running. Is there anyway to change log level of a running keycloak application.

As far as i know… no, there isn’t.

That’s a shame. I feel like trying to debug and figure things inside docker container makes things harder. I don’t want to create a new container just to see debug logs on a certain package. Not to mention that’ll be permanent that I won’t be able to turn them off after I’m done with it. And down the line I might need to see debug logs of another category. At the very least I’d expect debug logging to a file when keycloak is run with start-dev.

I just answered your question. :man_shrugging: Don’t know why you are in such a mood.

Containers don’t need to be recreated once they are stopped. You can simply stop and restart them.
You don’t necessarily need to use a Docker container, you can just start Keycloak from your filesystem, no hassle with containers for you.

Sometimes it’s also worth to understand the concepts behind a system, and not just “expecting things to work” in a certain way. Your expectations are opinionated, Keycloak is also opinionated. Unfortunately, two different opinions. But hey, that’s life.

I appreciate your answer. I am not really in a kind of mood that you think I am, sorry if it came off that way. It’s hard to carry emotions with words and I’m not really good with words myself. It is not anything against you, the way keycloak and/or docker works. I just described a problematic situation that I faced, that’s all.

You’re welcome :slightly_smiling_face:

Keycloak 17+ is based on Quarkus. Quarkus is an app framework which optimizes its environment for performance. And this is achieved (not only but also) with immutability of resources. It’s a tradeoff, yes, but it’s the approach of Quarkus. And thus, we have to deal with it. With all the pros and cons.
Before, Keycloak Legacy, based on Wildfly, was another concept of running applications. There, it is/was possible to change config during runtime. That’s in the nature of an application server.
Quarkus isn’t an application server, it’s an application framework with an embedded http server.

1 Like

I’ve just installed keycloak on my system but I found out that --log-level is not an option for start-dev command. Isn’t there a way to change log level on development mode?

How do you thing it isn’t an option?
I’m using it successfully in my local dev environments with the start-dev command.
And it’s also mentioned in the help when you run ./kc.sh start-dev --help as valid config params.
So, why should it not work?
It actually works!

I am not at home right now but I’ll send you screenshots when I get home. When I run start-dev with --log-level option it simply gives error stating it’s not a valid option and I did run start-dev --help as well but didn’t get any message. Keycloak just started as if I didn’t use --help option.

There‘s something really strange happening on your machine.
This command shouldn‘t start the server, it should just print out the help documentation….
As I don‘t have a Windows machine at hand, I can‘t confirm it this is a bug or just something in your environment.

For anyone else struggling with this here’s how I did it.

Using a docker compose file (can probably do this in the command line), on the command parameter, add the log level.

command: start --log-level="INFO,org.keycloak.social.user_profile_dump:debug"

This will start keycloak in production mode, and will print out IdP profile information on login with an IdP, to the containers stdout.

I haven’t tested with dev mode, but I assume it would be the same, just with start-dev instead.

Hope this helps.