[keycloak-dev] Impersonate should be logged like an error?
Bill Burke
bburke at redhat.com
Thu Jan 14 09:09:44 EST 2016
It includes the username of the admin.
On 1/14/2016 2:50 AM, Stian Thorgersen wrote:
> So we already have an IMPERSONATE event? Does it include details about
> the admin?
>
> On 13 January 2016 at 22:29, Bill Burke <bburke at redhat.com
> <mailto:bburke at redhat.com>> wrote:
>
> IMPERONATE replaces LOGIN event. So, based on that you can just group
> all events under a certain user session to the impersonate one.
>
> I changed my mind, I don't think this should be logged to the
> console/log file by default. The event manage can be set up to manage
> all this.
>
> On 1/13/2016 4:16 PM, Marek Posolda wrote:
> > Wonder if impersonated events shouldn't be normal events, but just
> > have some prefix for them in type? For example IMPERSONATED_LOGIN,
> > IMPERSONATED_LOGOUT, IMPERSONATED_TOKEN_REFRESH etc. Similarly
> like we
> > have prefix in type for error events.
> >
> > And in all impersonated events, there might be also detail in the
> > event identifying admin user who is impersonating.
> >
> > Hopefully this is easy to implement without touching too much
> files in
> > codebase (but not sure) :)
> >
> > Marek
> >
> >
> > On 13/01/16 21:51, Bill Burke wrote:
> >> IMO, impersonate events should not be treated as a success
> (debug) event
> >> and should be logged to the console/log file. Agreed?
> >>
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160114/44ceaa42/attachment.html
More information about the keycloak-dev
mailing list