[keycloak-user] Externally triggered impersonation

Gabriel Lavoie glavoie at gmail.com
Wed Sep 13 09:59:44 EDT 2017


Hi Thorsten,
     Does your application internally have identifiers/information about its
users? Can you list them through it?

We've implemented this using a custom Spring Authentication object (called
SwitchUserAuthentication) in which we keep the original Authentication
object of the Spring security context, then we replace the Authentication
object of the security context with it. That way, the application knows
that a user is authenticated in an impersonated way and we can log actions
accordingly.

This doesn't work though if you need to do remote API calls using
impersonated OAuth2 access tokens. I haven't seen anything yet allowing
this in Keycloak.

Gabriel

2017-09-12 18:21 GMT-04:00 Thorsten <thorsten315 at gmx.de>:

> Hi there,
>
> I have an application (Angular 4 UI + Spring Boot Backend) where I would
> like to implement user impersonation without going through the Keycloak
> console.
>
> Ideally the power user with the proper impersonation permissions can click
> a button in the app and then a new window is being opened in the same
> application but with the user to impersonate logged in.
>
> Is there any example on how to do this or can somebody outline how this
> would be possible?
>
> Thanks,
>
> Thorsten



-- 
Gabriel Lavoie
glavoie at gmail.com
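
A sketch of the wrapper approach described in the reply above, added here as an example; it is not the poster's code and not part of Keycloak. The authority name ROLE_IMPERSONATOR and the enter/exit/auditActor helpers are assumptions, and the switch only affects the application's own Spring security context, not the OAuth2 access token.

```java
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

// Represents the impersonated user while keeping the operator's original Authentication.
public class SwitchUserAuthentication extends AbstractAuthenticationToken {
    // Assumed authority name; map it to the role your realm grants to power users.
    static final String IMPERSONATOR_AUTHORITY = "ROLE_IMPERSONATOR";

    private final Authentication original; // who is really logged in
    private final UserDetails target;      // who the application should act as

    private SwitchUserAuthentication(Authentication original, UserDetails target) {
        super(target.getAuthorities());    // authorization decisions use the target's authorities
        this.original = original;
        this.target = target;
        setAuthenticated(true);
    }

    @Override public Object getPrincipal() { return target; }
    @Override public Object getCredentials() { return ""; } // no credentials are held for the target
    public Authentication getOriginal() { return original; }

    // Replace the current Authentication with the wrapper, after checking the caller.
    public static void enter(UserDetails target) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        boolean allowed = current != null && current.isAuthenticated()
                && !(current instanceof SwitchUserAuthentication) // refuse nested impersonation
                && current.getAuthorities().stream()
                          .anyMatch(a -> IMPERSONATOR_AUTHORITY.equals(a.getAuthority()));
        if (!allowed) {
            throw new AccessDeniedException("caller may not impersonate");
        }
        SecurityContextHolder.getContext()
                .setAuthentication(new SwitchUserAuthentication(current, target));
    }

    // Restore the operator's own Authentication.
    public static void exit() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current instanceof SwitchUserAuthentication) {
            SecurityContextHolder.getContext()
                    .setAuthentication(((SwitchUserAuthentication) current).getOriginal());
        }
    }

    // Value for audit logs: the real operator, plus the impersonated user when one is active.
    public static String auditActor() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current instanceof SwitchUserAuthentication) {
            return ((SwitchUserAuthentication) current).getOriginal().getName()
                    + " as " + current.getName();
        }
        return current == null ? "anonymous" : current.getName();
    }
}
```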

