On 09/05/16 14:56, Stian Thorgersen wrote:


On 9 May 2016 at 14:55, Stian Thorgersen <sthorger@redhat.com> wrote:


On 9 May 2016 at 12:29, Marek Posolda <mposolda@redhat.com> wrote:
* Currently we support admin events just for 'success' cases. We don't
log any error situations or missing permissions. Is it sufficient?

+1 To errors, create a jira for 2.0.cr1
https://issues.jboss.org/browse/KEYCLOAK-2982
 

* Some minor usability issues:
** For both classic events and admin events, there is filtering by Date
(from or to). Couldn't we add some "nice" component for easily selecting
a date? Also the "from" date is included, but the "to" date is excluded. This
may not be obvious. Shouldn't we somehow mention it in tooltips?

+1 PatternFly was about to add one when we did this, but it wasn't ready yet. JIRA for 2.0.cr1 please.
https://issues.jboss.org/browse/KEYCLOAK-2983
 

** In "Auth details" for admin events, there is filtering by "Realm",
"Client" or "User". It may not be obvious that this points to IDs. To
be even more confusing, in "classic" events there is "Client" too, but
that points to clientId (not database ID). Also in many situations,
admins don't know the UserID or client database ID, so there is
an additional action required from them: they need to look up the ID
first. For clients, the client database ID is not even visible in the admin
console, so they need to decode it either from the URL or from some existing
event. I wonder if we should add the possibility to filter by "username" or
"clientId"? For users maybe even filtering by email? In case
"username" or "email" or "clientId" is filled, the admin will need to fill
the "realm" too.

Events don't always have a username, and the username can also change over time. So user id isn't the reliable thing to use. We could add something to allow looking up userid by username or something though.

I meant user id is the only reliable thing to use. Same with "client-id": it can change, so the id for clients is the only thing that works over time.
Yeah, I meant that if you filter by username (or email or clientId), you will be required to fill the realm too. Then it's the responsibility of RealmAdminResource.getEvents to look up the user by realm+username and send the found userID to EventStore for filtering by. So EventsStore will be unchanged and will still persist just the userId + client DB ID.

Marek
 
 
_______________________________________________
keycloak-dev mailing list
keycloak-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
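
The lookup discussed in the thread (resolve realm + username to the stable user ID in the resource layer, then filter the store by ID only), as an added example that is not part of the original messages and is not Keycloak code. All class, method and data names are hypothetical, and the sample users and events are constructed.

```java
import java.util.*;
import java.util.stream.*;

// Hypothetical model, not Keycloak's classes: events persist only the stable user ID.
public class AdminEventFilterExample {
    record Event(String realmId, String userId, long time, String operation) {}

    // Constructed sample data: realm -> (current username -> user ID).
    static final Map<String, Map<String, String>> USERS = new HashMap<>();
    static final List<Event> STORE = new ArrayList<>();

    // Resolve realm + username to the stable ID; the store never sees usernames.
    static Optional<String> resolveUserId(String realm, String username) {
        if (realm == null || realm.isBlank())
            throw new IllegalArgumentException("realm is required when filtering by username");
        return Optional.ofNullable(USERS.getOrDefault(realm, Map.of()).get(username));
    }

    // Store-side filter by ID only; 'from' is inclusive and 'to' is exclusive.
    static List<Event> queryByUserId(String realm, String userId, long from, long to) {
        return STORE.stream()
                .filter(e -> e.realmId().equals(realm) && e.userId().equals(userId))
                .filter(e -> e.time() >= from && e.time() < to)
                .collect(Collectors.toList());
    }

    // Resource-layer entry point: a username that resolves to nothing yields no events.
    static List<Event> getEvents(String realm, String username, long from, long to) {
        return resolveUserId(realm, username)
                .map(id -> queryByUserId(realm, id, from, to))
                .orElse(List.of());
    }

    public static void main(String[] args) {
        USERS.put("demo", new HashMap<>(Map.of("alice", "u-1001")));
        STORE.add(new Event("demo", "u-1001", 100L, "CREATE"));
        STORE.add(new Event("demo", "u-1001", 200L, "UPDATE"));
        // Rename the user after the events were recorded; the stored ID is unchanged.
        USERS.get("demo").remove("alice");
        USERS.get("demo").put("alice.smith", "u-1001");
        // Query by the current name, with 'to' set to the second event's timestamp.
        System.out.println(getEvents("demo", "alice.smith", 100L, 200L));
        // Query by the old name, which no longer resolves to an ID.
        System.out.println(getEvents("demo", "alice", 100L, 300L));
    }
}
```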