<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 09/05/16 14:56, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAfrARag52NVghBGMLEWvNEe8-xG66PpssO7oVJJhGvzEw@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 9 May 2016 at 14:55, Stian
Thorgersen <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote"><span class="">On 9 May 2016
at 12:29, Marek Posolda <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:mposolda@redhat.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:mposolda@redhat.com">mposolda@redhat.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">* Currently we support
admin events just for 'success' cases. We don't<br>
log any error situations or missing permissions.
Is it sufficient?<br>
</blockquote>
<div><br>
</div>
</span>
<div>+1 To errors, create a jira for 2.0.cr1</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
<a class="moz-txt-link-freetext" href="https://issues.jboss.org/browse/KEYCLOAK-2982">https://issues.jboss.org/browse/KEYCLOAK-2982</a><br>
<blockquote
cite="mid:CAJgngAfrARag52NVghBGMLEWvNEe8-xG66PpssO7oVJJhGvzEw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote"><span class="">
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br>
* Some minor usability issues:<br>
** For both classic events and admin events,
there is filtering by Date<br>
(from or to). Couldn't we add some "nice"
component for easily select<br>
date? Also the "from" date is included, but "to"
date is excluded. This<br>
may not be obvious. Shouldn't we somehow
mention it in tooltips?<br>
</blockquote>
<div><br>
</div>
</span>
<div>+1 PatternFly was about to add one when we did
this, but it wasn't ready yet. JIRA for 2.0.cr1
please.</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
<a class="moz-txt-link-freetext" href="https://issues.jboss.org/browse/KEYCLOAK-2983">https://issues.jboss.org/browse/KEYCLOAK-2983</a><br>
<blockquote
cite="mid:CAJgngAfrARag52NVghBGMLEWvNEe8-xG66PpssO7oVJJhGvzEw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote"><span class="">
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
<br>
** In "Auth details" for admin events, there is
filtering by "Realm" ,<br>
"Client" or "User". It may not be obvious, that
this points to IDs. To<br>
be even more confusing, in "classic" events
there is "Client" too, but<br>
that points to clientId (not database ID). Also
in many situations,<br>
admins don't know the UserID or client database
ID, so there is<br>
additional action required from them that they
need to lookup ID it<br>
first. For clients, the client database ID is
not even visible in admin<br>
console, so they need to decode either from URL
or from some existing<br>
event. I wonder if we should add possibility to
filter by "username" or<br>
"clientId"? For users maybe even filtering by
email? In case that<br>
"username" or "email" or "clientId" is filled,
admin will need to fill<br>
the "realm" too.<br>
</blockquote>
<div><br>
</div>
</span>
<div>Events doesn't always have username, username
can also change over time. So user id isn't the
reliable thing to use. We could add something to
allow looking up userid by username or something
though.</div>
</div>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>I meant user id is the only reliable thing to use. Same
with "client-id" it can change, so id for clients is only
thing that works over time.</div>
</div>
</div>
</div>
</blockquote>
Yeah, I meant that if you filter by username (or email or clientId),
you will be required to fill the realm too. Then it's the
responsibility of RealmAdminResource.getEvents to lookup user by
realm+username and sent the found userID to EventStore for filtering
by. So EventsStore will be unchanged and will still persist just the
userId + client DB ID. <br>
<br>
Marek<br>
<blockquote
cite="mid:CAJgngAfrARag52NVghBGMLEWvNEe8-xG66PpssO7oVJJhGvzEw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote"><span class="">
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0
0 .8ex;border-left:1px #ccc
solid;padding-left:1ex">
_______________________________________________<br>
keycloak-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-dev@lists.jboss.org"
target="_blank">keycloak-dev@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
</blockquote>
</span></div>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</body>
</html>