[keycloak-user] Impersonation not working from REST calls?

David Delbecq david_delbecq at trimble.com
Tue Feb 14 05:56:55 EST 2017


Hello,

I have some issues getting impersonation to work in my webapp. There is a
feature in web for an admin to show all business data and accounts, select
one account and become that user.

Scenario 1) I connect as user davidd to
<keycloak>/auth/admin/<realm>/console. I select the user I want to
impersonate, click on impersonate. Browser request sniffing shows a REST
call: POST:
<keycloak>/auth/admin/<realm>/TrimbleTL/users/4f568e43-89d3-4224-a908-aefe71383c82/impersonation
followed by loading of the account profile page of that user.


Scenario 2) I connect to my app as davidd. I select the user I want to
become and start the impersonation process. My webapp first calls
/kc_query_bearer_token to get a token, then calls, using XMLHttpRequest,
<keycloak>/auth/admin/<realm>/TrimbleTL/users/4f568e43-89d3-4224-a908-aefe71383c82/impersonation
setting the Bearer token in the header, and the same payload as in (1). I get an HTTP
OK reply from keycloak. I then go to the root of my webapp and am
redirected to the login screen. My admin user was thus correctly logged out,
but the new user is not set up for some reason.


What am I missing to get impersonation to work from my webapp? Should I
extract cookies from the reply and put them in my own domain, for example?
-- 
<http://www.trimble.com/>
David Delbecq
Software engineer, Transport & Logistics
Geldenaaksebaan 329, 1st floor | 3001 Leuven
+32 16 391 121 Direct
david.delbecq at trimbletl.com
<http://www.trimbletl.com/>

