43a02cb821
As external link validation fails due to a redirect to HTTPS, keep them as text. Follow-up to #1738
36 lines
1.7 KiB
Text
36 lines
1.7 KiB
Text
= Keycloak uses Micrometer for metrics
|
|
|
|
Keycloak provides an optional a metrics endpoint which exports metrics in the Prometheus format.
|
|
In this release the implementation to provide this data switched from SmallRye to Micrometer, which is the https://quarkus.io/guides/micrometer[recommended metrics library for Quarkus].
|
|
|
|
Due to this change, metrics have been renamed.
|
|
The following table shows some examples.
|
|
|
|
Before upgrading it is recommended to review all metrics returned from the endpoint before and after the change, and update their usage in dashboards and alerts.
|
|
|
|
.Examples of changed metrics names
|
|
|===
|
|
|Old metric name |New metric name
|
|
|
|
|`base_gc_total`
|
|
|`jvm_gc_pause_seconds_count`
|
|
|
|
|`base_gc_time_total_seconds`
|
|
|`jvm_gc_pause_seconds_sum`
|
|
|
|
|`base_thread_count`
|
|
|`jvm_threads_live_threads`
|
|
|
|
|`vendor_agroal_*`
|
|
|`agroal_*`
|
|
|
|
|===
|
|
|
|
= Deprecated RSA_SHA1 and DSA_SHA1 algorithms for SAML
|
|
|
|
Algorithms `RSA_SHA1` and `DSA_SHA1`, which can be configured as `Signature algorithms` on SAML adapters, clients and identity providers are deprecated. We recommend to use safer
|
|
alternatives based on `SHA256` or `SHA512`. Also, verifying signatures on signed SAML documents or assertions with these
|
|
algorithms do not work on Java 17 or higher. If you use this algorithm and the other party consuming your SAML documents is running on Java 17 or higher, verifying signatures will not work.
|
|
|
|
The possible workaround is to remove algorithms such as `++http://www.w3.org/2000/09/xmldsig#rsa-sha1++` or `++http://www.w3.org/2000/09/xmldsig#dsa-sha1++` from the list
|
|
of "disallowed algorithms" configured on property `jdk.xml.dsig.secureValidationPolicy` in the file `$JAVA_HOME/conf/security/java.security`.
|