[keycloak-dev] Admin events questions

Stian Thorgersen sthorger at redhat.com
Mon May 9 08:56:23 EDT 2016 

On 9 May 2016 at 14:55, Stian Thorgersen <sthorger at redhat.com> wrote:

>
>
> On 9 May 2016 at 12:29, Marek Posolda <mposolda at redhat.com> wrote:
>
>> * Currently we support admin events just for 'success' cases. We don't
>> log any error situations or missing permissions. Is it sufficient?
>>
>
> +1 To errors, create a jira for 2.0.cr1
>
>
>>
>> * Some minor usability issues:
>> ** For both classic events and admin events, there is filtering by Date
>> (from or to). Couldn't we add some "nice" component for easily select
>> date? Also the "from" date is included, but "to" date is excluded. This
>> may not be obvious. Shouldn't we somehow  mention it in tooltips?
>>
>
> +1 PatternFly was about to add one when we did this, but it wasn't ready
> yet. JIRA for 2.0.cr1 please.
>
>
>>
>> ** In "Auth details" for admin events, there is filtering by "Realm" ,
>> "Client" or "User". It may not be obvious, that this points to IDs. To
>> be even more confusing, in "classic" events there is "Client" too, but
>> that points to clientId (not database ID). Also in many situations,
>> admins don't know the UserID or client database ID, so there is
>> additional action required from them that they need to lookup ID it
>> first. For clients, the client database ID is not even visible in admin
>> console, so they need to decode either from URL or from some existing
>> event. I wonder if we should add possibility to filter by "username" or
>> "clientId"? For users maybe even filtering by email? In case that
>> "username" or "email" or "clientId" is filled, admin will need to fill
>> the "realm" too.
>>
>
> Events doesn't always have username, username can also change over time.
> So user id isn't the reliable thing to use. We could add something to allow
> looking up userid by username or something though.
>

I meant user id is the only reliable thing to use. Same with "client-id" it
can change, so id for clients is only thing that works over time.


>
>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160509/e9cf79ed/attachment-0001.html

More information about the keycloak-dev mailing list