[keycloak-user] Keycloak impersonate programmatically

Daniele Bonetto daniele.bonetto at dnshosting.it
Thu May 12 08:25:45 EDT 2016 

Hi,

i suppose you've to set cookies from response and keycloak automagically 
made the things for you.

I resolved the problem to call impersonation API from our back-office 
panel applying the following modifications to keycloak.js file.

After /processInit /function definition add the following lines of code:

             /**
              * Append methods to keycloak object
              */
             
             adapter.impersonate = function(options) {
                 var url = kc.createImpersonationUrl(options);
                 var req = new XMLHttpRequest();
                 req.open('POST', url, true);
                 req.setRequestHeader('Accept', 'application/json');
                 req.setRequestHeader('Authorization', 'bearer ' + kc.token);
                 req.withCredentials = true;
                 
                 var promise = createPromise();

                 req.onreadystatechange = function () {
                     if (req.readyState == 4) {
                         if (req.status == 200) {
                             promise.setSuccess();
                         } else {
                             promise.setError();
                         }
                     }
                 }

                 req.send(null);

                 return promise.promise;
             };
             
             kc.impersonate = function(options) {
             	return adapter.impersonate(options);
             };

             kc.createImpersonationUrl = function(user) {
                 return getRealmUrl().replace('/auth/', '/auth/admin/') + '/users/' + user + '/impersonation';
             };


Then define your impersonate method that calls keycloak.impersonate 
where you manage local session refresh, like that:

         function impersonate(user) {

             var deferred = $.Deferred();

             keycloak.impersonate(user).success(function() {

                 console.log('user ' + user + ' impersonated');

		// clear local session user informations

                 clearSession();
		
		// refresh logged user

                 keycloak.login();

                 deferred.resolve();

             });

             return deferred.promise();

         }


Hope this helps! ;)

Daniele Bonetto



Il 12/05/2016 00:29, Anshul Malpani ha scritto:
> Hi,
>
> I am trying to use impersonate feature using my java client. When I 
> call impersonate api using admin access grant. I get back the cookies. 
> How can I get the access token for the impersonate user.
>
>
>
> HttpPost post = new HttpPost(
> KeycloakUriBuilder.fromUri(authServerUrl).path(“/admin/realms/{realm}/users/{id}/impersonation").build(realm, 
> accountKeycloakId));
>
> This is returning me cookies. In next step I would like to get the 
> access token of impersonate user.
>
> Thanks
> A
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160512/859e59c8/attachment.html

More information about the keycloak-user mailing list