Keycloak: Send AdminEvent from custom Endpoint (SPI)

Problem description

I have a Keycloak extension (Custom Endpoints, SPI). Now I want to add sending of AdminEvents, which I implemented as follows:

    private void logAdminEvent(ClientConnection clientConnection, UserRepresentation rep, OperationType operation, ResourceType resource) {
        RealmModel realm = session.getContext().getRealm();
        // beware: clientConnection must not be null because of missing check for NullPointer in Keycloak
        ClientModel client = realm.getClientByClientId(ROLE_ATTRIBUTE_CLIENT);
        AdminAuth adminAuth = new AdminAuth(realm, authResult.getToken(), authResult.getUser(), client);
        AdminEventBuilder adminEvent = new AdminEventBuilder(realm, adminAuth, session, clientConnection);
        adminEvent
                .operation(operation)
                .resource(resource)
                .authIpAddress(authResult.getSession().getIpAddress())
                .authClient(client)
                .resourcePath(session.getContext().getUri())
                .representation(rep);

        adminEvent
                .success();
    }

I am aware that the admin event logging must be activated in Keycloak admin console, which I did.

Maybe it is relevant that the logged in user has no administration privileges, but it also did not work when I gave admin privileges.

I need ideas or hints as to what I am doing wrong here. Documentation and web research unfortunately did not help.

Tags: java, keycloak

Solution


Take a look at the Keycloak sources, especially something like RootAdminResource. As far as I remember, all admin resources (e.g. controllers) create events via a builder that is cloned from a builder that was injected via the constructor by the parent resource. You may be missing some initialization tricks.

