Description
I would like to have a request filter added that fills MDC data for logging with meaningful data like realm name, clientId, userId, ipAddress. It should be extendible, so a SPI is preferred.
Realm name and clientId can be added by default. UserId and ipAddress - though I consider them legitimate to be logged - may be considered problematic PII data by one or the others, so I would recommend that we don't add them by default.
Discussion
No response
Motivation
If Keycloak is used with a lot of realms maintained by different teams but the instance itself is managed by a central team, monitoring the logs, especially error logs, is problematic because only logs that relate to events contain realm name, client and user information. Especially exceptions don't contain this information. Thus it is nearly impossible to determine which realm has caused exceptions.
Additionally, it is not possible to provide realm maintainers a view on just their logs because there is no way to filter by realm in monitoring tools even if JSON logging is used because this information is just not present everywhere.
Details
Implementing a ContainerRequestFilter that sets values into MDC but delegating the actual key/value definition to a dedicated new SPI such that it can be configured and extended if required.
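
A sketch of the filter described above, as an added example that is not part of the original issue and not Keycloak's code. The `MdcValueProvider` interface, the class names and the `kc.realm` / `kc.clientId` keys are hypothetical; the realm is read from the `/realms/{realm}/` path segment, and userId/ipAddress providers are left out to match the opt-in default proposed above.

```java
import jakarta.ws.rs.container.*;
import jakarta.ws.rs.ext.Provider;
import java.util.*;
import java.util.regex.*;
import org.jboss.logging.MDC;

/** Hypothetical extension point: each provider contributes MDC key/value pairs. */
interface MdcValueProvider {
    Map<String, String> values(ContainerRequestContext request);
}

/** Default provider: realm from the /realms/{realm}/ path segment, client_id from the query string. */
class RealmAndClientProvider implements MdcValueProvider {
    private static final Pattern REALM = Pattern.compile("(?:^|/)realms/([^/]+)");

    public Map<String, String> values(ContainerRequestContext request) {
        Map<String, String> out = new LinkedHashMap<>();
        Matcher m = REALM.matcher(request.getUriInfo().getPath());
        if (m.find()) out.put("kc.realm", m.group(1));
        String clientId = request.getUriInfo().getQueryParameters().getFirst("client_id");
        if (clientId != null) out.put("kc.clientId", clientId);
        return out;
    }
}

@Provider
public class MdcRequestFilter implements ContainerRequestFilter, ContainerResponseFilter {
    private static final String KEYS_PROPERTY = MdcRequestFilter.class.getName() + ".keys";
    // Assumption: a real SPI would load providers from configuration; PII providers stay opt-in.
    private final List<MdcValueProvider> providers = List.of(new RealmAndClientProvider());

    @Override
    public void filter(ContainerRequestContext request) {
        Map<String, String> all = new LinkedHashMap<>();
        for (MdcValueProvider p : providers) all.putAll(p.values(request));
        // Values are request-controlled: replace control characters and cap length before they reach a log line.
        all.replaceAll((k, v) -> v.substring(0, Math.min(v.length(), 128)).replaceAll("\\p{Cntrl}", "_"));
        all.forEach(MDC::put);
        request.setProperty(KEYS_PROPERTY, all.keySet());
    }

    @Override
    public void filter(ContainerRequestContext request, ContainerResponseContext response) {
        // Threads are reused across requests: remove what was set so the next request does not inherit it.
        Object keys = request.getProperty(KEYS_PROPERTY);
        if (keys instanceof Iterable<?> set) set.forEach(k -> MDC.remove((String) k));
    }
}
```

The realm and client values here are taken from the URL before any validation, so they identify what the caller asked for, not a realm or client that is known to exist; a per-realm log view built on them should treat them as untrusted labels.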