[keycloak-dev] Impersonate should be logged like an error?

Stian Thorgersen sthorger at redhat.com
Thu Jan 14 02:50:30 EST 2016


So we already have an IMPERSONATE event? Does it include details about the
admin?

On 13 January 2016 at 22:29, Bill Burke <bburke at redhat.com> wrote:

> IMPERONATE replaces LOGIN event.  So, based on that you can just group
> all events under a certain user session to the impersonate one.
>
> I changed my mind, I don't think this should be logged to the
> console/log file by default.  The event manage can be set up to manage
> all this.
>
> On 1/13/2016 4:16 PM, Marek Posolda wrote:
> > Wonder if impersonated events shouldn't be normal events, but just
> > have some prefix for them in type? For example IMPERSONATED_LOGIN,
> > IMPERSONATED_LOGOUT, IMPERSONATED_TOKEN_REFRESH etc. Similarly like we
> > have prefix in type for error events.
> >
> > And in all impersonated events, there might be also detail in the
> > event identifying admin user who is impersonating.
> >
> > Hopefully this is easy to implement without touching too much files in
> > codebase (but not sure) :)
> >
> > Marek
> >
> >
> > On 13/01/16 21:51, Bill Burke wrote:
> >> IMO, impersonate events should not be treated as a success (debug) event
> >> and should be logged to the console/log file.  Agreed?
> >>
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160114/35a94f89/attachment.html 


More information about the keycloak-dev mailing list