Activity Stream FAQ
Activity Stream Frequently Asked Questions
Frequently Asked Questions for Activity Stream.
What Events are captured by Activity Stream?
Authentication/Authorization/Access Control Events
With the current version of the Manhattan Identity & Access Management (Access Management 2.0), the following access control events are captured by Activity Stream:
- Native Database Events (Organization Database User)
- Successful Login
- Failed Login
- User Password is Locked
- User is Disabled
- Password Update Success
- Password Update Failure
- Password Reset Success
- Password Reset Failure
- Forgot Password Success
- Forgot Password Failure
- Federated Identity Providers Events (eg Okta, Azure, Ping Identity, and others)
- Successful Login via
- OAuth 2.0 Client
- SAML JIT
- OIDC JIT
- IdP Pass Through for Direct (Password Grant)
- Failed Login
- OAuth 2.0 Client
- SAML JIT
- OIDC JIT
- IdP Pass Through for Direct (Password Grant)
- Successful Login via
- Other Events
- Obtaining an Access Token using Postman REST Client
REST API Gateway Events
HTTP-based REST API traffic intercepted by the Manhattan Active API Gateway is captured and recorded as events. This includes:
- Inbound API calls originating from outside the Manhattan Active Platform’s VPC
- Outbound API calls that originate from within the Manhattan Active Platform’s VPC (from Business Components through XBOUND)
Message Processing Events
The Manhattan Activity Stream also captures various message processing during Printing, Wave Processing, and other similar actions. As Message Publishers publish messages for consumers to consume, Activity Stream Messages published during the consumer processing include the elapsed time among other things.
What is the target of the Events/Message Publishing?
The Target of the Activity Stream Events/Message Publishing is a single Google PubSub Topic named activity-stream.
What is the name of the GCP PubSub activity-stream subscription?
The subscription for the activity stream ends with “x”. It usually has the format activity-stream-%-x.
How quickly should I acknowledge a message that I have consumed?
When Google PubSub receives an acknowledgment from a consumer, it marks the message for deletion. If the message is not acknowledged within a configurable limit, it is resent which could lead to duplicate processing by the consumer. The default acknowledgment limit is 10 seconds (check the latest from Google Cloud Docs) but it can be increased (not recommended).
Recommendations for Consumers:
- Ensure all processing paths result in Acknowledgement within the time limit (eg a final block)
Problems to avoid:
- Sending an acknowledgment before persisting/committing the received message may lead to message/data loss if the underlying storage platform later receives an error/exception after the acknowledgement is sent
- Sending the acknowledgment after 10 seconds makes Google PubSub think the message processing has failed at the consumer end and it tries to resend the message again resulting in duplicate messages
Should a Message Consumer expect duplicate messages from Google PubSub?
Yes. Consumers of Google PubSub may sometimes observe duplicate messages, even if a message was published only once. Client libraries used to consume messages include various fail/retry logic to handle network latency and connectivity issues. The same payload may appear more than once with two different message ids if the client receives the original message but fails to acknowledge it within the stipulated 10 seconds (default).
Besides, Google uses the same acknowledgment mechanism to confirm client libraries are publishing messages to PubSub. If due to various reasons (such as network latency), the client library publishing messages does not get the acknowledgement from Google in time, it will indeed send a new message with the same payload resulting in duplicates.
How should a Message Consumer recognize and handle duplicate messages?
Duplicate messages received from Google PubSub topics have unique Message IDs but the business payload is the same. Message Consumers should expect duplicate messages and keep track of recent business keys/primary keys from the payload of processed messages to ensure that the message has not already been processed/persisted. In essence, all message consumers should be Idempotent.
What are common targets for storing Activity Stream events?
Customers may choose to consume the Activity Stream messages from the topic and store the data in any of the following:
- Database: Any Relational Database like MySQL, Postgrace, Microsoft SQL Server, Oracle, DB2 and others
- Service: Application Monitoring Tools like Dynatrace, DataDog, Splunk, and Prometheus have their POST REST APIs to consume new telemetry and, if used, can be used to build useful Dashboards for Alerting/Monitoring.
- Data Lake: Any Big data platform like Google BigQuery, Snowflake, Azure Data Lakes, or AWS RedShift can be used as a sink/target data store
Do I need to write code to consume Activity Stream events?
No. Several Customers have used third-party tools such as Dell Boomi, Mulesoft, Securonix, etc., to consume messages from Activity Stream subscriptions and process them.
What is a Service Account?
A Service Account is a system user used by applications to connect securely to Google Cloud Services. Service Accounts can be assigned the same roles and permissions as a human user. Service Accounts may be identified by a unique set of keyed data (a JSON file). These JSON Keys may be used by Customer-owned clients to connect to Google PubSub and consume messages.
How many Service Accounts are needed for consuming messages from Activity Stream?
One for each customer environment. This is generally two (for stage and production).
How to request a Service Account?
Customers can request a service account by Creating a Ticket in Salesforce.
How does Manhattan Operations share a Service Account with its customers?
When Manhattan Operations creates a Service Account and its associated JSON key, it is shared using Secure Mail.
What IAM Roles are required for a Service Account to access Activity Stream messages with Google PubSub?
The following IAM roles should be assigned to the service account that is used to consume messages published:
- PubSub Subscriber
- PubSub Editor
What performance considerations are recommended when developing an application to generate alerts from Activity Stream events?
It is important to consider the potential volume and rate of messages that are published. When developing an application that consumes Activity Stream events and generates alerts, it must scale to read (and acknowledge) messages to keep pace with the publishing rate. If the consumer lags (by more than 15 minutes) behind the publishing rate, then the alert will fall behind, reducing its effectiveness.
What kinds of publishing rates and message sizes can be expected for staging and production environments?
- Design Criteria 1: Customer-owned Consumer is responsible for Scaling Properly to consume all the messages to avoid the Alerting System from Message Consumption Lag
- Design Criteria 2: If a million messages are waiting to be consumed and the Customer is running a low number of consumers, the Alerting System will not achieve its goal.
Do Activity Stream messages contain request and response payloads?
No. Activity Stream event messages do not contain request and response payloads (by default) for the following reasons:
- Size: Many times, the Response (and sometimes the Request) payloads add to the size of the overall Message and exceed Google’s PubSub message limits.
- Sensitive Data: Payloads for some API endpoints may contain Sensitive data. Personal Identifying Information (PII) or Payment Card Industry (PCI) cannot be exported from a Manhattan Active solution.
- Publishing Rate: Increasing the size of Activity Stream Event Messages published increases the network and processing performance requirements for consumers to keep pace.
How are different Activity Stream Events identified?
Events published to the Activity Stream record data as key-value pairs in the eventAttributes object. The x-activitystream-event-type key contains a different value based on the event as follows:
- zuul.request: An HTTP Request captured by the Manhattan Active API Gateway (Zuul Server)
- zuul.response: An HTTP Response captured by the Manhattan Active API Gateway (Zuul Server)
- auth.request: An Authorization Request received by Manhattan Access Management 1.0
- auth.response: An Authorization Request received by Manhattan Access Management 1.0
- Keycloak.request: An Authorization Request received by the Manhattan Access Management 2.0
- Keycloak.response: An Authorization Response received by the Manhattan Access Management 2.0
- Keycloak.custom: Other events captured by the Manhattan Access Management 2.0
- awpf.request: An asynchronous message posted
- awpf.response: An asynchronous message that was consumed
How do messages for Activity Stream events relate to one another?
Many events captured in the Activity Stream are paired as a request and its response (eg REST API calls, Authentication Requests). Both the request and its response are posted as separate messages to the Activity stream which have the same unique id (UUID) in the x-activitystream-request-id key field of the eventAttributes object.
How is the duration of an event recorded in the Activity Stream?
Response events published to the activity record the duration of time from the original request in the x-activitystream-elapsed-time key field of the eventAttributes object.
How does the client source IP of an event get recorded in the Activity Stream?
The IP Address of the client source is recorded in the x-real-ip key field of the eventAttributes object for both requests and responses.
How does a Consumer get the status code for processing the request?
The Consumer can get the HTTP status code by reading the x-activitystream-status-code attribute of the response event.
Is there a JSON Schema to describe the fields?
The following is a JSON Schema for the Activity Stream Event Payload.
Activity Stream JSON Schema
[{
"table_name": "activities_v5",
"columns": [{
"column_name": "timestamp",
"data_type": "TIMESTAMP",
"description": "timestamp activity created on. i.e. The time someone tried to login, call an API etc."
}, {
"column_name": "id",
"data_type": "STRING",
"description": "unique message id"
}, {
"column_name": "event_type",
"data_type": "STRING",
"description": "report discriminator, e.g. zuul.request zuul.response etc"
}, {
"column_name": "elapsed_time",
"data_type": "INT64",
"description": "time taken to process the request and generate a response, in milliseconds"
}, {
"column_name": "resource_method",
"data_type": "STRING",
"description": "request method used for accessing API, e.g. GET"
}, {
"column_name": "resource_api",
"data_type": "STRING",
"description": "resource API with parameters; lifted from parameterizedPath"
}, {
"column_name": "request_path",
"data_type": "STRING",
"description": "actual request path used by client"
}, {
"column_name": "status_code",
"data_type": "INT64",
"description": "status code should be an INT64; e.g. 200"
}, {
"column_name": "status",
"data_type": "STRING",
"description": "status string; e.g. OK, Accepted"
}, {
"column_name": "remote_addr",
"data_type": "STRING",
"description": "remote IP address of API requestor"
}, {
"column_name": "context_id",
"data_type": "STRING",
"description": "id populated from context or Zuul / XBound request; may repeat"
}, {
"column_name": "organization_id",
"data_type": "STRING",
"description": "lifted from organizationId, x-activitystream-userorg"
}, {
"column_name": "store_profile_type_id",
"data_type": "STRING",
"description": "Applicable for Active Omni Customers"
}, {
"column_name": "user_id",
"data_type": "STRING",
"description": "lifted from userId, x-activitystream-user"
}, {
"column_name": "thread_id",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "component_name",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "component_tag",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "component_stereotype",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "instance_id",
"data_type": "STRING",
"description": "for components, pod id; may be reused from pulse, Only meant for internal use"
}, {
"column_name": "active_release_id",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "code_drop_id",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "environment_type",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "customer_code",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "stack_name",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "stack_alias",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "data_type",
"data_type": "STRING",
"description": "Only meant for internal use"
}, {
"column_name": "data_size",
"data_type": "INT64",
"description": "Only meant for internal use"
}, {
"column_name": "event_data",
"data_type": "STRING",
"description": "Optional"
}, {
"column_name": "request_id",
"data_type": "STRING",
"description": "lifted from x-activitystream-clientrequestid"
}, {
"column_name": "location_id",
"data_type": "STRING",
"description": "lifted from x-activitystream-location"
}, {
"column_name": "store_id",
"data_type": "STRING",
"description": "lifted from x-activitystream-store"
}, {
"column_name": "register_id",
"data_type": "STRING",
"description": "lifted from x-activitystream-registerid"
}, {
"column_name": "device_id",
"data_type": "STRING",
"description": "lifted from x-activitystream-deviceId"
}, {
"column_name": "order_id",
"data_type": "STRING",
"description": "lifted from x-activitystream-order"
}, {
"column_name": "device_platform",
"data_type": "STRING",
"description": "lifted from x-activitystream-device-platform"
}, {
"column_name": "device_os",
"data_type": "STRING",
"description": "lifted from x-activitystream-device-os"
}, {
"column_name": "device_version",
"data_type": "STRING",
"description": "lifted from x-activitystream-device-version"
}, {
"column_name": "device_model",
"data_type": "STRING",
"description": "lifted from x-activitystream-device-model"
}, {
"column_name": "device_manufacturer",
"data_type": "STRING",
"description": "lifted from x-activitystream-device-manufacturer"
}, {
"column_name": "browser_name",
"data_type": "STRING",
"description": "lifted from x-activitystream-browsername"
}, {
"column_name": "app_version",
"data_type": "STRING",
"description": "lifted from x-activitystream-appversion"
}, {
"column_name": "signal_strength",
"data_type": "STRING",
"description": "lifted from x-activitystream-signalstrength"
}, {
"column_name": "roundtrip_time",
"data_type": "INT64",
"description": "lifted from x-activitystream-roundtriptime"
}, {
"column_name": "namespace",
"data_type": "STRING",
"description": "lifted from x-activitystream-namespace"
}, {
"column_name": "event_timestamp",
"data_type": "TIMESTAMP",
"description": "lifted from x-activitystream-event-timestamp"
}, {
"column_name": "pagename",
"data_type": "STRING",
"description": "lifted from x-activitystream-pagename"
}, {
"column_name": "error_type",
"data_type": "STRING",
"description": "error type; e.g. client, server, none"
}, {
"column_name": "is_error",
"data_type": "BOOL",
"description": "error flag; true/false"
}, {
"column_name": "response_time_bucket",
"data_type": "STRING",
"description": "response time in seconds"
}, {
"column_name": "nginx_id",
"data_type": "STRING",
"description": "lifted from x-request-id"
}, {
"column_name": "invoke_id",
"data_type": "STRING",
"description": "lifted from x-activitystream-invoke-id"
}, {
"column_name": "trace_id",
"data_type": "STRING",
"description": "lifted from CP-TRACE-ID"
}, {
"column_name": "tenant_id",
"data_type": "STRING",
"description": "lifted from tenantid"
}, {
"column_name": "content_type",
"data_type": "STRING",
"description": "lifted from content_type"
}, {
"column_name": "content_length",
"data_type": "INT64",
"description": "lifted from content_length"
}, {
"column_name": "user_agent",
"data_type": "STRING",
"description": "lifted from user_agent"
}, {
"column_name": "build_date",
"data_type": "TIMESTAMP",
"description": "lifted from x-activitystream-builddate"
}, {
"column_name": "extension_point",
"data_type": "STRING",
"description": "lifted from awpf-activitystream-extension-point"
}, {
"column_name": "extension_handler",
"data_type": "STRING",
"description": "lifted from awpf-activitystream-extension-handler"
}, {
"column_name": "entry_condition_met",
"data_type": "BOOL",
"description": "lifted from awpf-activitystream-is-entry-condition-met"
}, {
"column_name": "failure_reason",
"data_type": "STRING",
"description": "lifted from awpf-activitystream-is-entry-condition-met"
}, {
"column_name": "custom_build_date",
"data_type": "TIMESTAMP",
"description": "lifted from x-activitystream-custombuilddate"
}, {
"column_name": "base_app_version",
"data_type": "STRING",
"description": "lifted from x-activitystream-baseappversion"
}, {
"column_name": "geohash",
"data_type": "STRING",
"description": "lifted from geohash"
}, {
"column_name": "georegion",
"data_type": "STRING",
"description": "lifted from georegion"
}, {
"column_name": "action",
"data_type": "STRING",
"description": "lifted from x-activitystream-action"
}, {
"column_name": "event_attributes",
"data_type": "JSON",
"description": "Uncategorized / unlifted event attributes"
}]
}]
Sample Activity Stream Messages
REST API Gateway Events
HTTP REST API request messages captured by the API Gateway (Zuul Server) for an environment are posted to the Activity Stream with an eventType of zuul.request.
REST API Gateway Request Message
{
"id": "1120506062",
"eventType": "zuul.request",
"timestamp": "2025-01-20T02:40:18.731Z",
"eventAttributes": {
"via": "1.1 google",
"host": "*****.sce.manh.com",
"accept": "application/json, application/json",
"userId": "*****",
"tenantId": "****spr11o",
"threadId": "122",
"x-scheme": "https",
"stackName": "****spr11o",
"x-real-ip": "50.x.x.126",
"codeDropId": "2.2.3.37",
"stackAlias": "*****",
"islocalized": "true",
"tls-version": "TLSv1.3",
"componentTag": "10.16.0-2e63256",
"content-type": "application/json",
"customerCode": "****",
"geoip-region": "US",
"x-request-id": "**************0af742aabdaf35647d",
"componentName": "com-manh-cp-zuulserver",
"content-length": "28327",
"organizationId": "WMET",
"param_Location": "WMET",
"activeReleaseId": "2024-09",
"environmentType": "p",
"x-forwarded-host": "*****.sce.manh.com",
"x-forwarded-port": "443",
"geoip-client-city": "Mount*******",
"upstreamComponent": "dmmobile-facade",
"x-forwarded-proto": "https",
"param_Organization": "WMET",
"x-forwarded-scheme": "https",
"componentInstanceId": "com-manh-cp-zuulserver-zuulserver-59cbd5d459-vcksr",
"componentStereotype": "ALL",
"x-activitystream-url": "/dmmobile-facade/services/rest/workflow/execute/workflowScriptName/Pick/stateName/AcceptQuantity/actionName/AcceptQuantity",
"geoip-client-lat-long": "48.729314,-97.107386",
"x-cloud-trace-context": "3c7e9739f1f80cc852b3703825f5620b/2397645423678738909",
"param_selectedLocation": "WMET",
"geoip-client-subdivision": "USVA",
"x-original-forwarded-for": "50.x.x.126,34.x.x.124",
"param_SelectedBusinessUnit": "",
"param_selectedOrganization": "WMET",
"x-activitystream-invoke-id": "****-9559-494a-aaff-f981da48a715",
"x-activitystream-namespace": "voice-app-wm",
"x-activitystream-event-type": "zuul.request",
"x-activitystream-request-id": "22350b830174c00af742aabdaf35647d",
"x-activitystream-resource-api": "/dmmobile-facade/services/rest/workflow/execute/workflowScriptName/Pick/stateName/AcceptQuantity/actionName/AcceptQuantity",
"x-activitystream-remote-address": "50.*.*.126",
"x-activitystream-request-method": "POST",
"x-activitystream-request-timestamp": "1737340818730"
}
}
HTTP REST API response messages captured by the API Gateway (Zuul Server) for an environment are posted to the Activity Stream with an eventType of zuul.response.
REST API Gateway Response Message
{
"id": "944858217",
"eventType": "zuul.response",
"timestamp": "2025-01-20T12:22:21.139Z",
"eventAttributes": {
"via": "1.1 google",
"host": "****.sce.manh.com",
"accept": "*/*",
"cookie": "zuulserver_SAVED_REQUEST=; com-manh-cp-zuulserver_JSESSIONID=****-5294-4596-b205-f19642e2ce72; XSRF-TOKEN=****-0550-473a-9297-f99af5d165fe",
"locale": "\"en_US\"",
"origin": "https://****.sce.manh.com",
"userId": "********",
"referer": "https://****.sce.manh.com/cdn/udc/15-19-9/2501090954/log-worker.js",
"priority": "u=1, i",
"tenantId": "****spr11o",
"threadId": "160",
"x-scheme": "https",
"stackName": "****spr11o",
"x-real-ip": "50.x.x.126",
"codeDropId": "2.2.3.37",
"stackAlias": "****p",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0",
"CP-TRACE-ID": "cc918dd054bac77c",
"tls-version": "TLSv1.3",
"componentTag": "10.16.0-2e63256",
"content-type": "application/json",
"customerCode": "****",
"geoip-region": "US",
"x-request-id": "af27a59cfc4b4ef8bd3808c568c9c602",
"x-xsrf-token": "6393338b-0550-473a-9297-f99af5d165fe",
"componentName": "com-manh-cp-zuulserver",
"COMPONENT_NAME": "com-manh-cp-zuulserver",
"content-length": "659",
"organizationId": "ACI-SC",
"sec-fetch-dest": "empty",
"sec-fetch-mode": "cors",
"sec-fetch-site": "same-origin",
"accept-encoding": "gzip, deflate, br, zstd",
"accept-language": "en-US,en;q=0.9,es;q=0.8",
"activeReleaseId": "2024-09",
"environmentType": "p",
"x-forwarded-host": "****.sce.manh.com",
"x-forwarded-port": "443",
"geoip-client-city": "Mount Vernon",
"upstreamComponent": "commonui-facade",
"x-forwarded-proto": "https",
"x-forwarded-scheme": "https",
"componentInstanceId": "com-manh-cp-zuulserver-zuulserver-59cbd5d459-56cv6",
"componentStereotype": "ALL",
"x-activitystream-url": "/commonui-facade/api/commonui-facade/dumpLog",
"COMPONENT_INSTANCE_ID": "com-manh-cp-zuulserver-zuulserver-59cbd5d459-56cv6",
"COMPONENT_STEREO_TYPE": "ALL",
"X-Application-Context": "com-manh-cp-zuulserver:docker,sc,cloud,kubernetes,gcp,albt,p,albtp,albtspr11o:8990",
"geoip-client-lat-long": "38.729314,-77.107386",
"x-cloud-trace-context": "1af413f60c272925e15d931b8b5b5280/12101192973808972235",
"geoip-client-subdivision": "USVA",
"x-original-forwarded-for": "50.x.x.126,34.x.x.124",
"x-activitystream-invoke-id": "****-d97e-4c17-97fb-b37cff7efb7f",
"x-activitystream-event-type": "zuul.response",
"x-activitystream-request-id": "****a59cfc4b4ef8bd3808c568c9c602",
"x-activitystream-status-code": 200,
"Access-Control-Expose-Headers": "x-activitystream-elapsed-time",
"x-activitystream-elapsed-time": "9",
"x-activitystream-resource-api": "/commonui-facade/api/commonui-facade/dumpLog",
"x-activitystream-remote-address": "50.x.x.126",
"x-activitystream-request-method": "POST",
"x-activitystream-request-timestamp": "1737375741130",
"x-activitystream-response-timestamp": "1737375741139"
}
}Messaging Events
Asynchronous messages captured and posted to an environment are posted to the Activity Stream with an eventType of awpfEvent.
Message Posted Event
{
"id": "-412349973",
"eventType": "awpfEvent",
"timestamp": "2025-01-20T12:33:12.315Z",
"eventAttributes": {
"userId": "MHE****",
"tenantId": "****spr11o",
"threadId": "233",
"contextId": "****eac9120a8d5b::d67b446c5383cb52",
"stackName": "****spr11o",
"codeDropId": "2.2.3.37",
"stackAlias": "****p",
"userLocale": "\"en\"",
"componentTag": "20.114.3-a2d3f5f",
"customerCode": "albt",
"userTimeZone": "US/Pacific",
"componentName": "com-manh-cp-dmmobile-facade",
"organizationId": "ACI-SC",
"activeReleaseId": "2024-09",
"environmentType": "p",
"componentInstanceId": "com-manh-cp-dmmobile-facade-com-manh-cp-dmmobile-facade-**********-mckvj",
"componentStereotype": "REST",
"awpf-activitystream-status": "SUCCESS",
"x-activitystream-event-type": "awpfEvent",
"x-activitystream-resource-api": "/services/rest/workflow/execute/workflowScriptName/Pick/stateName/AcceptQuantity/actionName/AcceptQuantity",
"x-activitystream-request-method": "POST",
"awpf-activitystream-extension-point": "DMM:GenericHeader:DslExtension:MAALBTEX37AcceptQuantityPostInit",
"awpf-activitystream-extension-handler": "MAALBTEX**AcceptQuantityPostInit",
"awpf-activitystream-event-processing-time": 41,
"awpf-activitystream-is-entry-condition-met": true
}
}Authentication/Authorization/Access Control Events
When a user has successfully logged into the environment, an event is added to the Activity Stream with no eventType, but it has the x-activitystream-event-type of keycloak.custom in its eventAttributes.
Successful Login Event
{
"id": "1740880381480",
"timestamp": "2025-03-02T20:57:51.017Z",
"eventAttributes": {
"via": "1.1 google",
"host": "cmlap-auth.sce.manh.com",
"path": "/realms/maactive/login-actions/post-broker-login",
"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"cookie": "AUTH_SESSION_ID=*****",
"method": "GET",
"priority": "u=0, i",
"threadId": "157",
"x-scheme": "https",
"loginMode": "IDP",
"sec-ch-ua": "\"Not(A:Brand\";v=\"99\", \"Google Chrome\";v=\"133\", \"Chromium\";v=\"133\"",
"sessionId": "**********C6F6693ABF6F17A18FC47589B",
"stackName": "****spr11o",
"x-real-ip": "180.*.*.113",
"codeDropId": "2.2.7.27",
"requestURI": "/auth/realms/maactive/login-actions/post-broker-login",
"stackAlias": "****p",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36",
"loginStatus": "Successful",
"queryString": "client_id=zuulserver.1.0.0&tab_id=Jz4YwXq4S44",
"tls-version": "QUIC",
"componentTag": "1.0.0-latest",
"customerCode": "****",
"geoip-region": "AU",
"x-request-id": "***************f5e9649d6e3ece86b",
"cache-control": "max-age=0",
"componentName": "com-manh-cp-keycloak",
"param_username": "jess@*****************",
"sec-fetch-dest": "document",
"sec-fetch-mode": "navigate",
"sec-fetch-site": "cross-site",
"accept-encoding": "gzip, deflate, br, zstd",
"accept-language": "en-GB,en-US;q=0.9,en;q=0.8",
"activeReleaseId": "2023-12",
"environmentType": "p",
"sec-ch-ua-mobile": "?0",
"x-forwarded-host": "****p-auth.sce.manh.com",
"x-forwarded-port": "443",
"geoip-client-city": "Me***",
"x-forwarded-proto": "https",
"sec-ch-ua-platform": "\"Windows\"",
"x-forwarded-scheme": "https",
"componentInstanceId": "com-manh-cp-keycloak-keycloak-*******d-98dcx",
"componentStereotype": "ALL",
"geoip-client-lat-long": "-**.813628,***.963058",
"x-cloud-trace-context": "*********c394a60b55d405ddbfc23/8253383120543991573",
"geoip-client-subdivision": "AUVIC",
"x-original-forwarded-for": "180.*.*.113,34.*.*.46",
"upgrade-insecure-requests": "1",
"x-activitystream-event-type": "keycloak.custom",
"x-activitystream-elapsed-time": "69 ms"
}
}
HTTP Requests to acquire an access token are posted to the Activity Stream with no eventType, but they have the x-activitystream-event-type of keycloak.request in their eventAttributes.
Access Token Request Event
{
"id": "1740880384195",
"timestamp": "2025-03-02T21:34:52.807Z",
"eventAttributes": {
"via": "1.1 google, 1.1 google",
"host": "****p-auth.sce.manh.com",
"accept": "application/json, application/x-www-form-urlencoded",
"cookie": "JSESSIONID=5DA31276447B6EBBEC81A2587******; KEYCLOAK_LOCALE=en",
"pragma": "no-cache",
"tenantId": "****spr11o",
"threadId": "157",
"x-scheme": "https",
"stackName": "****spr11o",
"x-real-ip": "35.*.*.74",
"codeDropId": "2.2.7.27",
"stackAlias": "****p",
"user-agent": "Java/11.0.22",
"method+path": "POST+/auth/realms/maactive/protocol/openid-connect/token",
"tls-version": "TLSv1.3",
"x-b3-spanid": "6e61cf38baca7c39",
"componentTag": "1.0.0-latest",
"content-type": "application/x-www-form-urlencoded;charset=UTF-8",
"customerCode": "****",
"geoip-region": "AU",
"x-b3-sampled": "1",
"x-b3-traceid": "5c0060f7e4e6707d",
"x-request-id": "07fb7451294a763b6012a96f22c5fe4e",
"cache-control": "no-cache",
"componentName": "com-manh-cp-keycloak",
"content-length": "274",
"param_username": "warehouse@*************.com",
"accept-encoding": "gzip,deflate",
"activeReleaseId": "2023-12",
"environmentType": "p",
"param_grant_type": "password",
"x-forwarded-host": "cmlap-auth.sce.manh.com",
"x-forwarded-port": "443",
"geoip-client-city": "Sydney",
"x-b3-parentspanid": "5c0060f7e4e6707d",
"x-forwarded-proto": "https",
"x-forwarded-scheme": "https",
"componentInstanceId": "com-manh-cp-keycloak-keycloak-767778566d-98dcx",
"componentStereotype": "ALL",
"x-activitystream-url": "/auth/realms/maactive/protocol/openid-connect/token",
"geoip-client-lat-long": "-3*.868***,15*.209***",
"x-cloud-trace-context": "10f2f27245e98775574badc5fc2ae84b/8363174625533109236",
"geoip-client-subdivision": "AUNSW",
"x-original-forwarded-for": "35.*.*.74,34.*.*.46",
"x-activitystream-invoke-id": "24ad8a75-adba-4430-b7b7-4850611882cb",
"x-activitystream-event-type": "keycloak.request",
"x-activitystream-request-id": "07fb7451294a763b6012a96f22c5fe4e",
"x-activitystream-resource-api": "/auth/realms/maactive/protocol/openid-connect/token",
"x-activitystream-remote-address": "35.*.*.74",
"x-activitystream-request-method": "POST",
"x-activitystream-request-timestamp": "1740951292806"
}
}Feedback
Was this page helpful?