It has something to do with the cookies. I can impersonate a user the first time I try (without any cookies yet for the browser session). If I try again after doing log out, the login form is always shown, even after impersonate another user. The only way I found to impersonate a user again is clearing the cookies for the keycloak server. I hope this info is useful in order to reproduce the problem. El 29 nov. 2017 10:13 p. m., "Diego Diez" <diegodiez.ddr(a)gmail.com&gt; escribió: > After clicking the button I can see the account of the impersonated user, > but the SSO doesn't seem to work. > > When I go to another app, the login form is prompt again instead of a new > redirect with the user logged in to the app automatically. > > That's the issue I meant in the first place. Sorry for the lack of > details. > > PD: the app I used to reproduce the problem was secured using the spring > security adapter for spring boot > > El 29 nov. 2017 9:33 p. m., "Stian Thorgersen" <sthorger(a)redhat.com&gt; > escribió: > > Oh and we do have tests as well for it ;) > > On 29 November 2017 at 21:33, Stian Thorgersen <sthorger(a)redhat.com&gt; > wrote: > >> Just tried it here and works just fine for me. >> >> On 29 November 2017 at 18:24, Diego Diez <diegodiez.ddr(a)gmail.com&gt; >> wrote: >> >>> Hi Keycloak Community, >>> >>> >>> After successfully upgrade our servers from keycloak 2.5.4.Final to >>> 3.4.0.Final, we have notice that the impersonation feature isn't >>> working anymore. >>> >>> We have tested other versions with a vanilla install and the first >>> version with this problem is 3.2.0.Final. >>> >>> Are you experiencing this problem? Impersonation is a quite useful >>> feature to us, so any workaround until next release would be great. >>> >>> >>> Regards, >>> >>> Diego Díez >>> _______________________________________________ >>> keycloak-user mailing list >>> keycloak-user(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/keycloak-user >> >> >> > >

Hi, I also have an issue with Impersonate function due to the AUTH_SESSION_ID cookie. It looks like after a impersonate login and a logout, the session cookie AUTH_SESSION_ID is still "alive", and forbid our managers to impersonate again (the login form is displayed instead). The only way to fix this isse is to clear by hand this cookie. On classic authentication, the behaviour is the same (the cookie is not remove at the end of the session/logout), but it doesn't forbid the users to login again. For me, it seems to be a keycloak issue. Regards, ________________________________ De : keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces@lists. jboss.org> de la part de Stian Thorgersen <sthorger(a)redhat.com&gt; Envoyé : vendredi 1 décembre 2017 09:12 À : Diego Diez Cc : keycloak-user Objet : Re: [keycloak-user] Impersonate user feature stop working after 3.2.0.Final I can't reproduce this, please try with the latest release 3.4.1 and if you can give us exact steps on how to reproduce create a bug in JIRA. On 30 November 2017 at 20:22, Diego Diez <diegodiez.ddr(a)gmail.com&gt; wrote: > It has something to do with the cookies. > I can impersonate a user the first time I try (without any cookies yet for > the browser session). > If I try again after doing log out, the login form is always shown, even > after impersonate another user. > The only way I found to impersonate a user again is clearing the cookies > for the keycloak server. > > I hope this info is useful in order to reproduce the problem. > > > El 29 nov. 2017 10:13 p. m., "Diego Diez" <diegodiez.ddr(a)gmail.com&gt; > escribió: > >> After clicking the button I can see the account of the impersonated user, >> but the SSO doesn't seem to work. >> >> When I go to another app, the login form is prompt again instead of a new >> redirect with the user logged in to the app automatically. >> >> That's the issue I meant in the first place. Sorry for the lack of >> details. >> >> PD: the app I used to reproduce the problem was secured using the spring >> security adapter for spring boot >> >> El 29 nov. 2017 9:33 p. m., "Stian Thorgersen" <sthorger(a)redhat.com&gt; >> escribió: >> >> Oh and we do have tests as well for it ;) >> >> On 29 November 2017 at 21:33, Stian Thorgersen <sthorger(a)redhat.com&gt; >> wrote: >> >>> Just tried it here and works just fine for me. >>> >>> On 29 November 2017 at 18:24, Diego Diez <diegodiez.ddr(a)gmail.com&gt; >>> wrote: >>> >>>> Hi Keycloak Community, >>>> >>>> >>>> After successfully upgrade our servers from keycloak 2.5.4.Final to >>>> 3.4.0.Final, we have notice that the impersonation feature isn't >>>> working anymore. >>>> >>>> We have tested other versions with a vanilla install and the first >>>> version with this problem is 3.2.0.Final. >>>> >>>> Are you experiencing this problem? Impersonation is a quite useful >>>> feature to us, so any workaround until next release would be great. >>>> >>>> >>>> Regards, >>>> >>>> Diego Díez >>>> _______________________________________________ >>>> keycloak-user mailing list >>>> keycloak-user(a)lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/keycloak-user keycloak-user Info Page - JBoss<https://lists.jboss.org/ mailman/listinfo/keycloak-user> lists.jboss.org To see the collection of prior postings to the list, visit the keycloak-user Archives. Using keycloak-user: To post a message to all the list members ... >>> >>> >>> >> >> _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user keycloak-user Info Page - JBoss<https://lists.jboss.org/ mailman/listinfo/keycloak-user> lists.jboss.org To see the collection of prior postings to the list, visit the keycloak-user Archives. Using keycloak-user: To post a message to all the list members ... _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user