Open chaen opened 1 year ago
There is no plan to base (which would mean rewrite) IAM on top of KC; KC has proved not to be an easy platform to extend. About naked impersonation, we can assess how complicated it would be to implement it in IAM and let you know.
There is no plan to base (which would mean rewrite) IAM on top of KC; KC has proved not to be an easy platform to extend.
OK, good to know.
About naked impersonation, we can assess how complicated it would be to implement it in IAM and let you know.
Thank you very much, that would indeed show very useful (not to say needed :-) ). Is there anything I could do to help on that process ?
Ciao @giacomini Any news regarding this ? Let me know if there's anything I can do to help
Hi,
Preamble question: I had understood that IAM would migrate to Keycloak [1]. What's the status of that ?
I would like that IAM exposes the direct naked impersonation feature as provided by keycloak [2]
The idea behind this is that the impersonation of a user from a central service (like DIRAC) is a very common and critical use case, and the direct naked impersonation is the best way to mimic that with tokens.
Thanks ! Chris
[1] one of the many sources: https://inspirehep.net/files/836f36693949872723785355b13f273c [2] https://www.keycloak.org/docs/latest/securing_apps/index.html#direct-naked-impersonation