Well, the server event is quite limited. There is no way to distinguish the
operations done by admin from the operations done by user, if both are
using the application at the same time. Unless the Keycloak principal
contain some magic session key I can match later with event audit.
What's the procedure to create Feature request? Just fill a bug?
On Fri, Jan 13, 2017 at 7:25 AM Stian Thorgersen <sthorger(a)redhat.com>
wrote:
Surprisingly enough, no it's not possible at the moment. The
assumption
that was made was that impersonation was not something the app should care
about. Can you audit this on the Keycloak server side instead? The login
event has details that shows it's impersonated including the impersonator.
Feel free to create a feature request for this.
On 10 January 2017 at 13:09, David Delbecq <david_delbecq(a)trimble.com>
wrote:
Hello,
for audit reason, our application need to be able to make the difference
between "userA" and "userA impersonated by admin xyz". Is there some
way
from the client point of view to make a difference between a logged in user
and an admin impersonating that user? Is it possible to add some property
in KeycloakPrincipal to detect it? And possiblity get the name of the admin
doing it?
--
<
http://www.trimble.com/>
David Delbecq
Software engineer, Transport & Logistics
Geldenaaksebaan 329, 1st floor | 3001 Leuven
+32 16 391 121 <+32%2016%20391%20121> Direct
david.delbecq(a)trimbletl.com
<
http://www.trimbletl.com/>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
<
http://www.trimble.com/>
David Delbecq
Software engineer, Transport & Logistics
Geldenaaksebaan 329, 1st floor | 3001 Leuven
+32 16 391 121 <+32%2016%20391%20121> Direct
david.delbecq(a)trimbletl.com
<
http://www.trimbletl.com/>