[keycloak-dev] Admin events questions
Marek Posolda
mposolda at redhat.com
Mon May 9 06:29:38 EDT 2016
* Currently we support admin events just for 'success' cases. We don't
log any error situations or missing permissions. Is it sufficient?
* Some minor usability issues:
** For both classic events and admin events, there is filtering by Date
(from or to). Couldn't we add some "nice" component for easily select
date? Also the "from" date is included, but "to" date is excluded. This
may not be obvious. Shouldn't we somehow mention it in tooltips?
** In "Auth details" for admin events, there is filtering by "Realm" ,
"Client" or "User". It may not be obvious, that this points to IDs. To
be even more confusing, in "classic" events there is "Client" too, but
that points to clientId (not database ID). Also in many situations,
admins don't know the UserID or client database ID, so there is
additional action required from them that they need to lookup ID it
first. For clients, the client database ID is not even visible in admin
console, so they need to decode either from URL or from some existing
event. I wonder if we should add possibility to filter by "username" or
"clientId"? For users maybe even filtering by email? In case that
"username" or "email" or "clientId" is filled, admin will need to fill
the "realm" too.
More information about the keycloak-dev
mailing list