Would has any pointers on implementing sso where admin could impersonate an existing user. Flow: ng-client(aquires the token - public client) -> rest api (Keycloak bearer client) Read this thread but was left out : http://lists.jboss.org/pipermail/keycloak-user/2015-April/001945.html Appreciate it.