Re: [keycloak-user] Detect user impersonation
Surprisingly enough, no it's not possible at the moment. The assumption
that was made was that impersonation was not something the app should care
about. Can you audit this on the Keycloak server side instead? The login
event has details that shows it's impersonated including the impersonator.
Feel free to create a feature request for this.
On 10 January 2017 at 13:09, David Delbecq <david_delbecq(a)trimble.com>
wrote:
Hello,
for audit reason, our application need to be able to make the difference
between "userA" and "userA impersonated by admin xyz". Is there some
way
from the client point of view to make a difference between a logged in user
and an admin impersonating that user? Is it possible to add some property
in KeycloakPrincipal to detect it? And possiblity get the name of the admin
doing it?
--
<http://www.trimble.com/>
David Delbecq
Software engineer, Transport & Logistics
Geldenaaksebaan 329, 1st floor | 3001 Leuven
+32 16 391 121 <+32%2016%20391%20121> Direct
david.delbecq(a)trimbletl.com
<http://www.trimbletl.com/>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user