<div dir="ltr">The way it works is:<div><br></div><div>* Admin impersonate user</div><div>* SSO for browser is now switched to be authenticated as the user rather than the admin</div><div>* Admin can now login to any application and would automatically be logged in as the impersonated user</div><div><br></div><div>So it's transparent to the applications and they don't need to deal with impersonation in a special way.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 5 July 2016 at 14:47, Harry Trinta <span dir="ltr"><<a href="mailto:harrytpc@gmail.com" target="_blank">harrytpc@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Stian, thanks for the reply!</div><div><br></div><div>There is no service to retrieve a token passing the cookies as a parameter?</div><div>I was looking at TokenEndpoint.java, but I have not found a way.</div><div><br></div><div>Thanks</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2016-07-05 3:33 GMT-03:00 Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The impersonation feature we have logs the admin in as the impersonated user rather than generate tokens. We decided on this approach as it would be transparent to applications and they wouldn't need to build-in special impersonation. What you want is not possible at the moment, but you can create a JIRA feature request for it. It would have to be a community contribution if you want it added in a timely manner.</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On 4 July 2016 at 18:52, Harry Trinta <span dir="ltr"><<a href="mailto:harrytpc@gmail.com" target="_blank">harrytpc@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US">Dears,<u></u><u></u></span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US">I need a help with user impersonation on keycloak.<u></u><u></u></span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US">I am authenticating users through the "/realms/test/protocol/openid-connect/token". As expected, it returns a token JWT.<u></u><u></u></span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US">In my app, all requests go through apiman, which validates the JWT.<u></u><u></u></span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US"><u></u> <u></u></span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US">Now, I need to personification of user. I'm calling the service "/admin/realms/test/users/USER_ID/impersonation", sending the token in the header (Authorization = Bearer eyJhbGciOiJSUzI1NiJ9 ...).<u></u><u></u></span></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span lang="EN-US">The service /impersonation creates the user session on keycloak, however doesnt return a JWT, but 3 cookies. <b>I'd like to get the JWT of personified user instead of cookie.</b> </span>It's possible?<u></u><u></u></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Best regards</p><p class="MsoNormal" style="margin:0cm 0cm 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Harry Costa</p></div>
<br></div></div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>