Keycloak Security Events

Keycloak defines two types of events: admin events and all other events. Both types are logged as security events where appropriate.

For an admin event, the security event name is built from a verb and a resource type, prefixed with 'X_'.

Example: X_CREATE_GROUP

The other Keycloak events are logged as described in the table below. Some are mapped to security-event types such as LOGIN_FAILED, while most are module-specific and are therefore prefixed with 'X_'.

Keycloak logs the technical realm ID as tenantId. This can differ from the actual tenantId in two cases:

  1. Keycloak Master Realm (the technical realm ID, a UUID, is logged).

  2. Nexeed installations that were created before MACMA 1.16 and had tenants renamed using Keycloak's Admin Console. In this case you need to look up the mapping technical realm ID → realm ID (= tenant ID); both are UUIDs.

Table 1. Keycloak Security Events

Keycloak Event | Security Log Event
LOGIN | LOGIN_SUCCESSFUL
LOGIN_ERROR | LOGIN_FAILED
INVALID_SIGNATURE | TOKEN_SIGNATURE_INVALID
INVALID_SIGNATURE_ERROR | TOKEN_SIGNATURE_INVALID
VALIDATE_ACCESS_TOKEN_ERROR | TOKEN_VALIDATION_FAILED
INTROSPECT_TOKEN_ERROR | TOKEN_VALIDATION_FAILED
SEND_RESET_PASSWORD | SENSITIVE_DATA_ACCESSED
SEND_RESET_PASSWORD_ERROR | SENSITIVE_DATA_ACCESSED
RESET_PASSWORD | SENSITIVE_DATA_ACCESSED
RESET_PASSWORD_ERROR | SENSITIVE_DATA_ACCESSED
CLIENT_INFO | SENSITIVE_DATA_ACCESSED
CLIENT_INFO_ERROR | SENSITIVE_DATA_ACCESSED
CLIENT_UPDATE | SENSITIVE_DATA_ACCESSED
CLIENT_UPDATE_ERROR | SENSITIVE_DATA_ACCESSED
CLIENT_DELETE | SENSITIVE_DATA_ACCESSED
CLIENT_DELETE_ERROR | SENSITIVE_DATA_ACCESSED
DELETE_ACCOUNT | SENSITIVE_DATA_ACCESSED
DELETE_ACCOUNT_ERROR | SENSITIVE_DATA_ACCESSED
REGISTER | X_REGISTER
REGISTER_ERROR | X_REGISTER_ERROR
LOGOUT | X_LOGOUT
LOGOUT_ERROR | X_LOGOUT_ERROR
CODE_TO_TOKEN | X_CODE_TO_TOKEN
CODE_TO_TOKEN_ERROR | X_CODE_TO_TOKEN_ERROR
CLIENT_LOGIN | X_CLIENT_LOGIN
CLIENT_LOGIN_ERROR | X_CLIENT_LOGIN_ERROR
REFRESH_TOKEN | X_REFRESH_TOKEN
REFRESH_TOKEN_ERROR | X_REFRESH_TOKEN_ERROR
INTROSPECT_TOKEN | X_INTROSPECT_TOKEN
FEDERATED_IDENTITY_LINK | X_FEDERATED_IDENTITY_LINK
FEDERATED_IDENTITY_LINK_ERROR | X_FEDERATED_IDENTITY_LINK_ERROR
REMOVE_FEDERATED_IDENTITY | X_REMOVE_FEDERATED_IDENTITY
REMOVE_FEDERATED_IDENTITY_ERROR | X_REMOVE_FEDERATED_IDENTITY_ERROR
UPDATE_EMAIL | X_UPDATE_EMAIL
UPDATE_EMAIL_ERROR | X_UPDATE_EMAIL_ERROR
UPDATE_PROFILE | X_UPDATE_PROFILE
UPDATE_PROFILE_ERROR | X_UPDATE_PROFILE_ERROR
UPDATE_PASSWORD | X_UPDATE_PASSWORD
UPDATE_PASSWORD_ERROR | X_UPDATE_PASSWORD_ERROR
UPDATE_TOTP | X_UPDATE_TOTP
UPDATE_TOTP_ERROR | X_UPDATE_TOTP_ERROR
VERIFY_EMAIL | X_VERIFY_EMAIL
VERIFY_EMAIL_ERROR | X_VERIFY_EMAIL_ERROR
VERIFY_PROFILE | X_VERIFY_PROFILE
VERIFY_PROFILE_ERROR | X_VERIFY_PROFILE_ERROR
REMOVE_TOTP | X_REMOVE_TOTP
REMOVE_TOTP_ERROR | X_REMOVE_TOTP_ERROR
GRANT_CONSENT | X_GRANT_CONSENT
GRANT_CONSENT_ERROR | X_GRANT_CONSENT_ERROR
UPDATE_CONSENT | X_UPDATE_CONSENT
UPDATE_CONSENT_ERROR | X_UPDATE_CONSENT_ERROR
REVOKE_GRANT | X_REVOKE_GRANT
REVOKE_GRANT_ERROR | X_REVOKE_GRANT_ERROR
SEND_VERIFY_EMAIL | X_SEND_VERIFY_EMAIL
SEND_VERIFY_EMAIL_ERROR | X_SEND_VERIFY_EMAIL_ERROR
SEND_IDENTITY_PROVIDER_LINK | X_SEND_IDENTITY_PROVIDER_LINK
SEND_IDENTITY_PROVIDER_LINK_ERROR | X_SEND_IDENTITY_PROVIDER_LINK_ERROR
RESTART_AUTHENTICATION | X_RESTART_AUTHENTICATION
RESTART_AUTHENTICATION_ERROR | X_RESTART_AUTHENTICATION_ERROR
REGISTER_NODE | X_REGISTER_NODE
REGISTER_NODE_ERROR | X_REGISTER_NODE_ERROR
UNREGISTER_NODE | X_UNREGISTER_NODE
UNREGISTER_NODE_ERROR | X_UNREGISTER_NODE_ERROR
USER_INFO_REQUEST | X_USER_INFO_REQUEST
USER_INFO_REQUEST_ERROR | X_USER_INFO_REQUEST_ERROR
IDENTITY_PROVIDER_LINK_ACCOUNT | X_IDENTITY_PROVIDER_LINK_ACCOUNT
IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR | X_IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR
IDENTITY_PROVIDER_LOGIN | X_IDENTITY_PROVIDER_LOGIN
IDENTITY_PROVIDER_LOGIN_ERROR | X_IDENTITY_PROVIDER_LOGIN_ERROR
IDENTITY_PROVIDER_FIRST_LOGIN | X_IDENTITY_PROVIDER_FIRST_LOGIN
IDENTITY_PROVIDER_FIRST_LOGIN_ERROR | X_IDENTITY_PROVIDER_FIRST_LOGIN_ERROR
IDENTITY_PROVIDER_POST_LOGIN | X_IDENTITY_PROVIDER_POST_LOGIN
IDENTITY_PROVIDER_POST_LOGIN_ERROR | X_IDENTITY_PROVIDER_POST_LOGIN_ERROR
IDENTITY_PROVIDER_RESPONSE | X_IDENTITY_PROVIDER_RESPONSE
IDENTITY_PROVIDER_RESPONSE_ERROR | X_IDENTITY_PROVIDER_RESPONSE_ERROR
IDENTITY_PROVIDER_RETRIEVE_TOKEN | X_IDENTITY_PROVIDER_RETRIEVE_TOKEN
IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR | X_IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR
IMPERSONATE | X_IMPERSONATE
IMPERSONATE_ERROR | X_IMPERSONATE_ERROR
CUSTOM_REQUIRED_ACTION | X_CUSTOM_REQUIRED_ACTION
CUSTOM_REQUIRED_ACTION_ERROR | X_CUSTOM_REQUIRED_ACTION_ERROR
EXECUTE_ACTIONS | X_EXECUTE_ACTIONS
EXECUTE_ACTIONS_ERROR | X_EXECUTE_ACTIONS_ERROR
EXECUTE_ACTION_TOKEN | X_EXECUTE_ACTION_TOKEN
EXECUTE_ACTION_TOKEN_ERROR | X_EXECUTE_ACTION_TOKEN_ERROR
CLIENT_REGISTER | X_CLIENT_REGISTER
CLIENT_REGISTER_ERROR | X_CLIENT_REGISTER_ERROR
CLIENT_INITIATED_ACCOUNT_LINKING | X_CLIENT_INITIATED_ACCOUNT_LINKING
CLIENT_INITIATED_ACCOUNT_LINKING_ERROR | X_CLIENT_INITIATED_ACCOUNT_LINKING_ERROR
TOKEN_EXCHANGE | X_TOKEN_EXCHANGE
TOKEN_EXCHANGE_ERROR | X_TOKEN_EXCHANGE_ERROR
OAUTH2_DEVICE_AUTH | X_OAUTH2_DEVICE_AUTH
OAUTH2_DEVICE_AUTH_ERROR | X_OAUTH2_DEVICE_AUTH_ERROR
OAUTH2_DEVICE_VERIFY_USER_CODE | X_OAUTH2_DEVICE_VERIFY_USER_CODE
OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR | X_OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR
OAUTH2_DEVICE_CODE_TO_TOKEN | X_OAUTH2_DEVICE_CODE_TO_TOKEN
OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR | X_OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR
AUTHREQID_TO_TOKEN | X_AUTHREQID_TO_TOKEN
AUTHREQID_TO_TOKEN_ERROR | X_AUTHREQID_TO_TOKEN_ERROR
PERMISSION_TOKEN | X_PERMISSION_TOKEN
PERMISSION_TOKEN_ERROR | X_PERMISSION_TOKEN_ERROR
PUSHED_AUTHORIZATION_REQUEST | X_PUSHED_AUTHORIZATION_REQUEST
PUSHED_AUTHORIZATION_REQUEST_ERROR | X_PUSHED_AUTHORIZATION_REQUEST_ERROR
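
The following is an added example, not part of the MACMA documentation or code: it applies the naming rules and Table 1 to derive security log event names, then resolves the technical realm ID that Keycloak logs as tenantId before counting LOGIN_FAILED per tenant. The `event` record key, the `RENAMED` lookup, the "master" label and all UUIDs are constructed assumptions; events not listed in Table 1 are assumed to take the 'X_' prefix.

```python
from collections import Counter

# Table 1 rows that map to a shared security-event type instead of an X_ name.
MAPPED = {
    "LOGIN": "LOGIN_SUCCESSFUL",
    "LOGIN_ERROR": "LOGIN_FAILED",
    "INVALID_SIGNATURE": "TOKEN_SIGNATURE_INVALID",
    "INVALID_SIGNATURE_ERROR": "TOKEN_SIGNATURE_INVALID",
    "VALIDATE_ACCESS_TOKEN_ERROR": "TOKEN_VALIDATION_FAILED",
    "INTROSPECT_TOKEN_ERROR": "TOKEN_VALIDATION_FAILED",
}
# Success and *_ERROR variants of these both become SENSITIVE_DATA_ACCESSED,
# so the security-event name alone does not tell you whether the action failed.
for base in ("SEND_RESET_PASSWORD", "RESET_PASSWORD", "CLIENT_INFO",
             "CLIENT_UPDATE", "CLIENT_DELETE", "DELETE_ACCOUNT"):
    MAPPED[base] = MAPPED[base + "_ERROR"] = "SENSITIVE_DATA_ACCESSED"

def security_event_name(keycloak_event):
    """Explicit Table 1 mapping if present, otherwise the X_ prefix."""
    return MAPPED.get(keycloak_event, "X_" + keycloak_event)

def admin_event_name(verb, resource_type):
    """Admin events: X_<VERB>_<RESOURCE_TYPE>, e.g. X_CREATE_GROUP."""
    return f"X_{verb}_{resource_type}"

def resolve_tenant(logged_id, realm_lookup, master_realm_id):
    """Turn the technical realm ID that Keycloak logs into the actual tenant ID."""
    if logged_id == master_realm_id:
        return "master"  # label chosen for this example
    return realm_lookup.get(logged_id, logged_id)  # unchanged if never renamed

def failed_logins_per_tenant(records, realm_lookup, master_realm_id):
    """Count LOGIN_FAILED per actual tenant after resolving Keycloak's IDs."""
    counts = Counter(
        resolve_tenant(r["tenantId"], realm_lookup, master_realm_id)
        for r in records if r["event"] == "LOGIN_FAILED")
    return dict(counts)

# Constructed sample data: IDs, field names and record shape are assumptions.
MASTER = "00000000-0000-4000-8000-000000000000"
RENAMED = {"aaaaaaaa-0000-4000-8000-000000000001":   # technical realm ID
           "bbbbbbbb-0000-4000-8000-000000000002"}   # actual tenant ID
SAMPLE = [
    {"event": security_event_name("LOGIN_ERROR"), "tenantId": "aaaaaaaa-0000-4000-8000-000000000001"},
    {"event": security_event_name("LOGIN_ERROR"), "tenantId": "bbbbbbbb-0000-4000-8000-000000000002"},
    {"event": security_event_name("LOGIN_ERROR"), "tenantId": MASTER},
    {"event": security_event_name("LOGOUT"), "tenantId": MASTER},
]

if __name__ == "__main__":
    print(failed_logins_per_tenant(SAMPLE, RENAMED, MASTER))
```

Without the lookup, the first two sample records would be counted under two different tenant IDs even though they belong to the same tenant.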


© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved
