Hi everyone,
I am trying to use the Direct Naked Impersonation feature in Keycloak version 26.5.6, but I am running into some issues and I’m not able to follow the steps described in the official documentation.
In particular, starting from the basics, I cannot find the “Permissions” tab under the Users section, which seems to be required to configure impersonation permissions as described.
I have already enabled the following features in my configuration:
- token-exchange
- admin-fine-grained-authz
However, when I try to proceed (for example enabling management permissions via the Admin API), I receive errors such as “Feature not enabled”.
It looks like either the feature is not fully available or the documentation does not match the behavior of this Keycloak version.
Am I missing any configuration step, or is Direct Naked Impersonation (token exchange without subject_token) not fully supported in Keycloak 26.5.6?
My use case is the following: I will receive a user’s username in a server-to-server flow, and I need to determine whether that user is authorized for the requested resource within the application. To do this, I need to impersonate the user, obtain an access token, and call the authorization endpoint for the resource.
Thanks in advance for your help!