There is a server event created when the admin impersonates the user. This
does indeed have a session key (no magic though), which all other events
for the session has (app login to same session, logout, etc..)./
On 13 January 2017 at 16:30, David Delbecq <david_delbecq(a)trimble.com>
wrote:
Well, the server event is quite limited. There is no way to
distinguish
the operations done by admin from the operations done by user, if both are
using the application at the same time. Unless the Keycloak principal
contain some magic session key I can match later with event audit.
What's the procedure to create Feature request? Just fill a bug?
On Fri, Jan 13, 2017 at 7:25 AM Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> Surprisingly enough, no it's not possible at the moment. The assumption
> that was made was that impersonation was not something the app should care
> about. Can you audit this on the Keycloak server side instead? The login
> event has details that shows it's impersonated including the impersonator.
>
> Feel free to create a feature request for this.
>
> On 10 January 2017 at 13:09, David Delbecq <david_delbecq(a)trimble.com>
> wrote:
>
> Hello,
>
> for audit reason, our application need to be able to make the difference
> between "userA" and "userA impersonated by admin xyz". Is there
some way
> from the client point of view to make a difference between a logged in
> user
> and an admin impersonating that user? Is it possible to add some property
> in KeycloakPrincipal to detect it? And possiblity get the name of the
> admin
> doing it?
>
> --
> <
http://www.trimble.com/>
>
>
> David Delbecq
> Software engineer, Transport & Logistics
> Geldenaaksebaan 329, 1st floor | 3001 Leuven
>
> +32 16 391 121 <+32%2016%20391%20121> Direct
> david.delbecq(a)trimbletl.com
> <
http://www.trimbletl.com/>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> --
<
http://www.trimble.com/>
David Delbecq
Software engineer, Transport & Logistics
Geldenaaksebaan 329, 1st floor | 3001 Leuven
+32 16 391 121 <+32%2016%20391%20121> Direct
david.delbecq(a)trimbletl.com
<
http://www.trimbletl.com/>