# Keycloak

### Prerequisites

* [ ] Keycloak installed and running
* [ ] Radiant Security Agent installed and running
* [ ] Access to the Keycloak configuration file (`keycloak.conf`)

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data** **Connectors** and click **+ Add Connector.**&#x20;
3. Search for and select the **Radiant Agent** option and then click **Data** **Feeds.**
4. Under **Select your data feeds**, select **Keycloak** and click **Credentials**.
5. Under **Credential** **Name**, give your Radiant Agent integration an identifiable name (e.g. `Radiant Agent Integration`).
6. Click **Add** **Connector**.

### Configure a local Radiant Security Agent

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

Before you begin the [Configure log forwarding in Keycloak](#configure-log-forwarding-in-keycloak) section, ensure you have the following information from your agent installation:

* The **IP address** or **hostname** of the server on which the agent is installed.
* The **port** configured for receiving Keycloak data.

### Configure log forwarding in Keycloak

There are two options to configure log forwarding in Keycloak:

1. Configure the Keycloak configuration file (recommended)
2. Start Keycloak with the logging options

#### **Configure the Keycloak configuration file**

1. Access your Keycloak installation and navigate to the configuration file.
2. Add the following lines to your Keycloak configuration file (`keycloak.conf`):

{% hint style="warning" %}
**Important note:** Don't forget to replace the placeholder values for **Radiant Agent IP** (`radiant-agent-ip` ) and for **port** (`radiant-agent-keycloak-port`).
{% endhint %}

```bash
# Enable the syslog handler. Use log=console,syslog to enable both console and syslog.
log=syslog

# Set the syslog endpoint (IP and port)
log-syslog-endpoint=<radiant-agent-ip>:<radiant-agent-keycloak-port>

# Enable JSON output format
log-syslog-output=json

# Set the log level for specific categories
log-syslog-level=org.keycloak.events:INFO
```

3. Restart Keycloak.

#### **Start Keycloak with the logging options**

Optionally, you can start Keycloak with the following logging options:

```bash
bin/kc.sh start --log="console,syslog" --log-syslog-endpoint=<radiant-agent-ip>:<radiant-agent-keycloak-port> --log-syslog-output=json --log-syslog-level="org.keycloak.events:INFO"
```

For more information about the logging options, refer to the [Keycloak documentation](https://www.keycloak.org/server/logging#_centralized_logging_using_syslog).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/keycloak.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.