[keycloak-user] Impersonation not working from REST calls?

Hello, i have some issues to get impersonation to work in my webapp. There is a feature in web for an admin to show all business data and accounts, select one account and become that user. Scenario 1) i connect as user davidd to <keycloak>/auth/admin/<realm>/console. I select the user I want to impersonate, click on impersonate. Browser request sniffing show a REST call: POST: <keycloak>/auth/admin/<realm>/TrimbleTL/users/4f568e43-89d3-4224-a908-aefe71383c82/impersonation followed by loading of account profile page of that user Scenario 2) I connect to my app as davidd. I select the user i want to become and start the impersonation process. My webapp first call /kc_query_bearer_token to get a token, then calls using xmlhttprequest <keycloak>/auth/admin/<realm>/TrimbleTL/users/4f568e43-89d3-4224-a908-aefe71383c82/impersonation setting Bearer token in header, and same payload as in (1). I get an HTTP OK reply from keycloak. I then go to the root of my webapp and am redirected to login screen. My admin user was thus correctly logged out, but the new user is not set up for some reason. What am i missing to get impersonation to work from my webapp? Should i extract cookies from reply and put them in my own domain for example? -- <http://www.trimble.com/> David Delbecq Software engineer, Transport & Logistics Geldenaaksebaan 329, 1st floor | 3001 Leuven +32 16 391 121 <+32%2016%20391%20121> Direct david.delbecq(a)trimbletl.com <http://www.trimbletl.com/>