search

indigo-iam / iam

INDIGO Identity and Access Management Service
https://indigo-iam.github.io/
Other
101 stars 43 forks source link

Allow direct naked impersonation #589

Open chaen opened 1 year ago

chaen commented 1 year ago

Hi,

Preamble question: I had understood that IAM would migrate to Keycloak [1]. What's the status of that ?

I would like that IAM exposes the direct naked impersonation feature as provided by keycloak [2]

The idea behind this is that the impersonation of a user from a central service (like DIRAC) is a very common and critical use case, and the direct naked impersonation is the best way to mimic that with tokens.

Thanks ! Chris

[1] one of the many sources: https://inspirehep.net/files/836f36693949872723785355b13f273c [2] https://www.keycloak.org/docs/latest/securing_apps/index.html#direct-naked-impersonation

giacomini commented 1 year ago

There is no plan to base (which would mean rewrite) IAM on top of KC; KC has proved not to be an easy platform to extend. About naked impersonation, we can assess how complicated it would be to implement it in IAM and let you know.

chaen commented 1 year ago

There is no plan to base (which would mean rewrite) IAM on top of KC; KC has proved not to be an easy platform to extend.

OK, good to know.

About naked impersonation, we can assess how complicated it would be to implement it in IAM and let you know.

Thank you very much, that would indeed show very useful (not to say needed :-) ). Is there anything I could do to help on that process ?

chaen commented 11 months ago

Ciao @giacomini Any news regarding this ? Let me know if there's anything I can do to help