This extension exposes several metrics about attempted logins to non-existent clients:
keycloak_failed_login_attempts_created
keycloak_failed_login_attempts_total
keycloak_login_attempts_created
keycloak_login_attempts_total
The problem is that if some script kiddie scans Keycloak, they might use any data as client id, which will cause a huge number of metrics:
Expected Behavior
I would expect that this extension only creates metrics for existing clients and maybe exposes one metric which records all the events for non-existent clients.
Environment
keycloak-metrics-spi: 5.0.0
Keycloak: 23.0.7
Steps to reproduce
Start Keycloak with the keycloak-metrics-spi extension
sum by(__name__, client_id) ({client_id="foo1"})
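
The behavior requested above (per-client series only for existing clients, one shared series for everything else) can be modeled as follows. This is an added example, not code from keycloak-metrics-spi; the class name, the `unknown_client` label value and the sample client ids are assumptions, and in a real extension the registered set would come from the realm's client list.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.LongAdder;

/** Model of a login-attempt counter whose client_id label cannot grow with request input. */
public class BoundedClientLabelCounter {
    // Hypothetical label value shared by every client_id that is not a registered client.
    static final String UNKNOWN = "unknown_client";

    private final Set<String> registeredClients;
    private final Map<String, LongAdder> series = new ConcurrentHashMap<>();

    BoundedClientLabelCounter(Set<String> registeredClients) {
        this.registeredClients = Set.copyOf(registeredClients);
    }

    /** Returns the label value to record; request-supplied text never becomes a label. */
    String labelFor(String requestedClientId) {
        if (requestedClientId != null && registeredClients.contains(requestedClientId)) {
            return requestedClientId;
        }
        return UNKNOWN;
    }

    void recordFailedLogin(String requestedClientId) {
        series.computeIfAbsent(labelFor(requestedClientId), k -> new LongAdder()).increment();
    }

    int seriesCount() { return series.size(); }

    long count(String label) {
        LongAdder adder = series.get(label);
        return adder == null ? 0 : adder.sum();
    }

    public static void main(String[] args) {
        // Constructed sample data: two registered clients, 10,000 made-up client ids.
        BoundedClientLabelCounter c = new BoundedClientLabelCounter(Set.of("account", "my-app"));
        c.recordFailedLogin("account");
        for (int i = 0; i < 10_000; i++) {
            c.recordFailedLogin("foo" + i); // every unregistered id lands in one series
        }
        c.recordFailedLogin(null);          // a missing client_id is treated the same way
        System.out.println("series: " + c.seriesCount());
        System.out.println(UNKNOWN + ": " + c.count(UNKNOWN));
        System.out.println("account: " + c.count("account"));
    }
}
```

The number of series is bounded by the number of registered clients plus one, regardless of how many distinct client ids appear in requests.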