[keycloak-dev] Impersonate should be logged like an error?
Bill Burke
bburke at redhat.com
Wed Jan 13 16:29:28 EST 2016
IMPERONATE replaces LOGIN event. So, based on that you can just group
all events under a certain user session to the impersonate one.
I changed my mind, I don't think this should be logged to the
console/log file by default. The event manage can be set up to manage
all this.
On 1/13/2016 4:16 PM, Marek Posolda wrote:
> Wonder if impersonated events shouldn't be normal events, but just
> have some prefix for them in type? For example IMPERSONATED_LOGIN,
> IMPERSONATED_LOGOUT, IMPERSONATED_TOKEN_REFRESH etc. Similarly like we
> have prefix in type for error events.
>
> And in all impersonated events, there might be also detail in the
> event identifying admin user who is impersonating.
>
> Hopefully this is easy to implement without touching too much files in
> codebase (but not sure) :)
>
> Marek
>
>
> On 13/01/16 21:51, Bill Burke wrote:
>> IMO, impersonate events should not be treated as a success (debug) event
>> and should be logged to the console/log file. Agreed?
>>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list