Impersonate a user

Hi,

I’m trying to impersonate a user by API.

I’m using a realm “my_realm”, not a master realm.

My user has all the roles of the client Realm-management and role impersonation.

OK, in the browser using AJAX:

  1. I get a token for a user with the role to impersonate
    auth/realms/my_realm/protocol/openid-connect/token

  2. I invoke the API to impersonate with the previous token.
    auth/admin/realms/my_realm/users/86e53889-93a1-4187-8580-83e44b55f1cc/impersonation

In the response headers I get new KEYCLOAK_IDENTITY and KEYCLOAK_SESSION and a redirect to auth/realms/smart2m/account/applications

  3. When I redirect to auth/realms/smart2m/account/applications
    the status code is a 302, with a cookie OAuth_Token_Request_State with path /auth/realms/smart2m/account/login-redirect. And sometimes there are empty KEYCLOAK_IDENTITY and KEYCLOAK_SESSION cookies and I need to log in again.

What am I doing wrong?
What is the correct flow? Do I need more permissions?

Thanks in advance.

3 Likes

Hi @Yvan,

Were you able to figure this out?

I am also having a similar problem and just asked a question on this forum: Impersonate a User Via Keycloak API?