You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
admin/api
Describe the bug
I want to bind a user policy to the user impersonation permission withour activating the feature admin-fine-grained-authz when start a keycloak service.
The documentation said that the impersonation feature is active by default in keycloak, but if you don't activate the parameter admin-fine-grained-authz:
Is you tray to activate the user permissions using the Admin Console, the permissions tab is not showed in the user menu so is not possible bind any policy visually.
Is you tray to activate the user permissions using the Admin CLI like this:
For more on this error consult the server log at the debug level. [unknown_error]
This option only works when you activate the parameter admin-fine-grained-authz
Conclusion: you must to activate the parameter: admin-fine-grained-authz a Preview features if you want to use the impersonation a Supported features, so this is situation is incongruent.
Version
24.0.4
Regression
The issue is a regression
Expected behavior
I want to bind a user policy to the user impersonation permission without activating the parameter admin-fine-grained-authz which is a Preview features
Actual behavior
Is not possible to use the impersonation user behavior in a production environment because the admin-fine-grained-authz is not recomended to be used in this environment as keycloak comment.
How to Reproduce?
Try to activate the impersonation permissions from Admin CLI you will obtain an error, if you try to use the Admin Console not exist the tab of permissions to be activated
Anything else?
No response
The text was updated successfully, but these errors were encountered:
there is impersonation "feature" that is available to any user with impersonation role.
then you have fine grain impersonation control "feature" where you have more control over who can impersonate users. This is based on admin-fine-grained-authz feature which obviously needs to be enabled
Ok so the stable impersonation is related to the impersonation button that exist in the Keykloak Admin UI. So to use a more detail control impersonation ypu must to use the not stable parameter admin-fine-grained-authz.
So my last question is is in the keycloak roadmap include this feature as stable feature is a short of time?
Before reporting an issue
Area
admin/api
Describe the bug
I want to bind a user policy to the user impersonation permission withour activating the feature admin-fine-grained-authz when start a keycloak service.
The documentation said that the impersonation feature is active by default in keycloak, but if you don't activate the parameter admin-fine-grained-authz:
kcadmin.sh update users-management-permissions -r poc -s enabled=true
You obtain an error like this.
For more on this error consult the server log at the debug level. [unknown_error]
This option only works when you activate the parameter admin-fine-grained-authz
Conclusion: you must to activate the parameter: admin-fine-grained-authz a Preview features if you want to use the impersonation a Supported features, so this is situation is incongruent.
Version
24.0.4
Regression
Expected behavior
I want to bind a user policy to the user impersonation permission without activating the parameter admin-fine-grained-authz which is a Preview features
Actual behavior
Is not possible to use the impersonation user behavior in a production environment because the admin-fine-grained-authz is not recomended to be used in this environment as keycloak comment.
How to Reproduce?
Try to activate the impersonation permissions from Admin CLI you will obtain an error, if you try to use the Admin Console not exist the tab of permissions to be activated
Anything else?
No response
The text was updated successfully, but these errors were encountered: