[keycloak-dev] user impersonation committed
Bill Burke
bburke at redhat.com
Fri Jul 10 22:43:49 EDT 2015
On 7/10/2015 10:04 PM, Scott Rossillo wrote:
>
> A few things:
>
> 1. Impersonation should be available via an admin endpoint. If I have the impersonation role, I should be able to make a call to impersonate another user.
I've only implemented browser impersonation (cookies). There is no
token exchange at the moment.
> 2. It should be availabe in the admin console on the user details page and the list. I don’t think it makes sense to have to click into the user if you already found them in search results, etc.
Ok.
> 3. What happens when user X decides to impersonate user Y and user X is already authenticated to clients? How does the impersonation for user X of user Y get propagated to clients? What happens on logout?
>
If User X and User Y are in the same realm, then User X will first be
logged out (and a backchannel logout performed on all clients), then
logged in as User Y. The plan is to redirect to the Account
Applications page.
If User X and User Y are in different realms, then User X stays logged
in. I'm thinking that a new tab would be opened that is redirected to
Account Applications page.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list