# general
m
This message was deleted.
h
What exactly are you looking for? 🙂
As in what metrics
c
We're going to be using this Identity Provider in a secure healthcare application, so we're looking to understand what events are logged and what information we could use in an audit situation. Is there an extensible interface for logging that would allow sending logs to a third party (e.g. SIEM)?
@high-optician-2097 Does this clarify my question?
h
Not yet, but we’re in the process of capturing these events and want to expose them to customers too. This won’t be possible as part of the self-hosting though, as much more plumbing is required to make this scalable, especially when different formats are involved (such as SIEM). If you’re interested I can connect you to our product division to talk about your needs and figure out how we could fulfill them.
Sorry, it does clarify the question. The not yet was wrt the earlier reply :)
c
No worries I got it 🙂. Unfortunately this is a bit of a sticking point for us. We have requirements and standards to meet both for external auditors and our internal tooling. If the open source bits could be customized to send an API request on certain events (e.g. interceptor) with some basic metadata then that would be enough I think.
I don't think we're in the market for a paid solution unfortunately.
h
Why not if I may ask?
c
We're already using Keycloak and if we were to migrate to something paid it would probably just be Okta. We like ORY's API-focussed approach very much though, as we've had issues with cookie-based flows in Keycloak.
h
I would not recommend going Okta, they are a predatory sales organization. Wouldn’t it be much nicer to support the open source ecosystem with a solution you love while also ensuring its longevity?
c
Sadly I am not the decision maker here 🙂.
h
gotcha 😉
c
Are you saying it wouldn't be possible to customize ORY Hydra/Kratos with a simple logging interceptor? I haven't gotten too deep in the logs yet.
h
I know too little about the specific events you want to capture to answer that. I would highly discourage you from forking the project as you’ll just end up with something no one maintains that falls behind upstream significantly. Maybe if you do this interception at the API gateway level it could be possible, but it again depends on context.
c
We weren't planning to fork it, but we need to be able to extend the project in some fashion. Is there a plugins system or a way to import components? As for events we're talking "login, logout, access denied, registered", etc. Nothing complex at this time.