On 7/10/2015 10:04 PM, Scott Rossillo wrote:
A few things:
1. Impersonation should be available via an admin endpoint. If I have the impersonation
role, I should be able to make a call to impersonate another user.
I've only implemented browser impersonation (cookies). There is no
token exchange at the moment.
2. It should be availabe in the admin console on the user details
page and the list. I don’t think it makes sense to have to click into the user if you
already found them in search results, etc.
3. What happens when user X decides to impersonate user Y and user X
is already authenticated to clients? How does the impersonation for user X of user Y get
propagated to clients? What happens on logout?
If User X and User Y are in the same realm, then User X will first be
logged out (and a backchannel logout performed on all clients), then
logged in as User Y. The plan is to redirect to the Account
If User X and User Y are in different realms, then User X stays logged
in. I'm thinking that a new tab would be opened that is redirected to
Account Applications page.
JBoss, a division of Red Hat