diff --git a/docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc b/docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc index 9599fc02682..4aa0a48d4c3 100644 --- a/docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc +++ b/docs/documentation/upgrading/topics/changes/changes-25_0_0.adoc @@ -3,6 +3,19 @@ Metrics for the embedded caches are now enabled by default. To enable histograms for latencies, set the option `cache-metrics-histograms-enabled` to `true`. += Metrics for HTTP endpoints enabled by default + +The metrics provided by {project_name} now include HTTP server metrics starting with `http_server`. +See below for some examples. + +[source] +---- +http_server_active_requests 1.0 +http_server_requests_seconds_count{method="GET",outcome="SUCCESS",status="200",uri="/realms/{realm}/protocol/{protocol}/auth"} 1.0 +http_server_requests_seconds_sum{method="GET",outcome="SUCCESS",status="200",uri="/realms/{realm}/protocol/{protocol}/auth"} 0.048717142 +---- + + = Nonce claim is only added to the ID token The nonce claim is now only added to the ID token strictly following the OpenID Connect Core 1.0 specification. As indicated in the specification, the claim is compulsory inside the https://openid.net/specs/openid-connect-core-1_0.html#IDToken[ID token] when the same parameter was sent in the authorization request. The specification also recommends to not add the `nonce` after a https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokenResponse[refresh request]. Previously, the claim was set to all the tokens (Access, Refresh and ID) in all the responses (refresh included). diff --git a/docs/guides/server/configuration-metrics.adoc b/docs/guides/server/configuration-metrics.adoc index 70e413e3c1a..1fa96b6c4c9 100644 --- a/docs/guides/server/configuration-metrics.adoc +++ b/docs/guides/server/configuration-metrics.adoc @@ -69,6 +69,9 @@ The table below summarizes the available metrics groups: |Database |A set of metrics from the database connection pool, if using a database. +|HTTP +|A set of global and individual metrics from the HTTP endpoints + |Cache |A set of metrics from Infinispan caches. See <@links.server id="caching"/> for more details. diff --git a/quarkus/runtime/src/main/resources/application.properties b/quarkus/runtime/src/main/resources/application.properties index 5b64cb01f57..06e86ee212b 100644 --- a/quarkus/runtime/src/main/resources/application.properties +++ b/quarkus/runtime/src/main/resources/application.properties @@ -8,13 +8,6 @@ quarkus.banner.enabled=false # Disable health checks from extensions, since we provide our own (default is true) quarkus.health.extensions.enabled=false -# Disable http metrics binder as URL parameters are only shown with placeholders for '/resource' URLs, but not -# for '/admin' and '/realms'. Neither the IDs of entities nor the realm name should be part of the metric names -# to avoid an explosion of metric names which would lead to memory exhaustion in Keycloak and to a resource -# exhaustion in the connected monitoring systems. -# See https://github.com/keycloak/keycloak/issues/17281 for a discussion -quarkus.micrometer.binder.http-server.enabled=false - # Enables metrics from other extensions if metrics is enabled quarkus.datasource.metrics.enabled=${quarkus.micrometer.enabled:false} diff --git a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/MetricsDistTest.java b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/MetricsDistTest.java index 2aed228c17f..bfc486996b9 100644 --- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/MetricsDistTest.java +++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/MetricsDistTest.java @@ -48,6 +48,7 @@ public class MetricsDistTest { when().get("/metrics").then() .statusCode(200) .body(containsString("jvm_gc_")) + .body(containsString("http_server_active_requests")) .body(containsString("vendor_statistics_hit_ratio")) .body(not(containsString("vendor_statistics_miss_times_seconds_bucket")));