[keycloak-user] Detect user impersonation

Stian Thorgersen sthorger at redhat.com
Fri Jan 13 01:25:42 EST 2017


Surprisingly enough, no it's not possible at the moment. The assumption
that was made was that impersonation was not something the app should care
about. Can you audit this on the Keycloak server side instead? The login
event has details that shows it's impersonated including the impersonator.

Feel free to create a feature request for this.

On 10 January 2017 at 13:09, David Delbecq <david_delbecq at trimble.com>
wrote:

> Hello,
>
> for audit reason, our application need to be able to make the difference
> between "userA" and "userA impersonated by admin xyz". Is there some way
> from the client point of view to make a difference between a logged in user
> and an admin impersonating that user? Is it possible to add some property
> in KeycloakPrincipal to detect it? And possiblity get the name of the admin
> doing it?
> --
> <http://www.trimble.com/>
> David Delbecq
> Software engineer, Transport & Logistics
> Geldenaaksebaan 329, 1st floor | 3001 Leuven
> +32 16 391 121 <+32%2016%20391%20121> Direct
> david.delbecq at trimbletl.com
> <http://www.trimbletl.com/>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list