Hi Thorsten,
Does your application internally has identifiers/information about its
users? Can you list them through it?
We've implemented this using a custom Spring Authentication object (called
SwitchUserAuthentication) in which we keep the original Authentication
object of the Spring security context, then we replace the Authentication
object of the security context with it. That way, the application knows
that a user is authenticated in an impersonated way and we can log actions
accordingly.
This doesn't work though if you need to do remote API calls using
impersonated OAuth2 access tokens. I haven't seen anything yet allowing
this in Keycloak.
Gabriel
2017-09-12 18:21 GMT-04:00 Thorsten <thorsten315(a)gmx.de>:
Hi there,
I have an application (Angular 4 UI + Spring Boot Backend) where I would
like to implement user impersonation without going through the Keycloak
console.
Ideally the power user with the proper impersonation permissions can click
a button in the app and then a new windows is being opened in the same
application but with the user to impersonate logged in.
Is there any example on how to do this or can somebody outline how this
would be possible?
Thanks,
Thorsten
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Gabriel Lavoie
glavoie(a)gmail.com