[keycloak-user] Impersonation not working from REST calls?

David Delbecq david_delbecq at trimble.com
Tue Feb 14 06:05:28 EST 2017


Never mind, it's working now, i forgot to set the allow-credentials in
xmlhttprequest. Without that, cookies are not saved from reply.

On Tue, Feb 14, 2017 at 11:56 AM David Delbecq <david_delbecq at trimble.com>
wrote:

> Hello,
>
> i have some issues to get impersonation to work in my webapp. There is a
> feature in web for an admin to show all business data and accounts, select
> one account and become that user.
>
>
>
>
> Scenario 1) i connect as user davidd to
> <keycloak>/auth/admin/<realm>/console. I select the user I want to
> impersonate, click on impersonate. Browser request sniffing show a REST
> call: POST:
> <keycloak>/auth/admin/<realm>/TrimbleTL/users/4f568e43-89d3-4224-a908-aefe71383c82/impersonation
> followed by loading of account profile page of that user
>
>
> Scenario 2) I connect to my app as davidd. I select the user i want to
> become and start the impersonation process. My webapp first call
> /kc_query_bearer_token to get a token, then calls using xmlhttprequest
> <keycloak>/auth/admin/<realm>/TrimbleTL/users/4f568e43-89d3-4224-a908-aefe71383c82/impersonation
> setting Bearer token in header, and same payload as in (1). I get an HTTP
> OK reply from keycloak. I then go to the root of my webapp and am
> redirected to login screen. My admin user was thus correctly logged out,
> but the new user is not set up for some reason.
>
>
> What am i missing to get impersonation to work from my webapp? Should i
> extract cookies from reply and put them in my own domain for example?
> --
> <http://www.trimble.com/>
> David Delbecq
> Software engineer, Transport & Logistics
> Geldenaaksebaan 329, 1st floor | 3001 Leuven
> +32 16 391 121 <+32%2016%20391%20121> Direct
> david.delbecq at trimbletl.com
> <http://www.trimbletl.com/>
>
>
-- 
<http://www.trimble.com/>
David Delbecq
Software engineer, Transport & Logistics
Geldenaaksebaan 329, 1st floor | 3001 Leuven
+32 16 391 121 <+32%2016%20391%20121> Direct
david.delbecq at trimbletl.com
<http://www.trimbletl.com/>


More information about the keycloak-user mailing list