[keycloak-user] Externally triggered impersonation

[Thorsten]

Yes, the goal would be to replace the current flow of impersonation that
requires a user to actually go to the Keycloak console and press the
"Impersonate" button. Doing this will open a new account management window
where the user - now impersonating the target user - can click on an app
link to use the app as the impersonated user.

So this is a very common requirement for most apps I have worked on and its
great that KC provides an out of the box solution for this. But it would be
really awesome if the same goal - an impersonated token - could be done
without the need to hit the KC console at all. Bonus points if the
impersonated token contains information that would indicate that this is an
impersonated token.

If that would be possible with the token exchange you are working on then
perfect!

Thanks

2017-09-13 16:58 GMT+02:00 Bill Burke <bburke at redhat.com>:

> You mean you want to be able to obtain a token for a different user.
> We don't support this, although I'm considering do this now with the
> token exchange work I'm doing.
>
> On Tue, Sep 12, 2017 at 6:21 PM, Thorsten <thorsten315 at gmx.de> wrote:
> > Hi there,
> >
> > I have an application (Angular 4 UI + Spring Boot Backend) where I would
> > like to implement user impersonation without going through the Keycloak
> > console.
> >
> > Ideally the power user with the proper impersonation permissions can
> click
> > a button in the app and then a new windows is being opened in the same
> > application but with the user to impersonate logged in.
> >
> > Is there any example on how to do this or can somebody outline how this
> > would be possible?
> >
> > Thanks,
> >
> > Thorsten
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> --
> Bill Burke
> Red Hat
>