@Override public void config( RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { impersonatedUserId = manager .getSession() .users() .getUserByUsername("test-user@localhost", appRealm) .getId(); { UserModel masterImpersonator = manager.getSession().users().addUser(adminstrationRealm, "master-impersonator"); masterImpersonator.setEnabled(true); ClientModel adminRealmClient = adminstrationRealm.getClientByClientId( KeycloakModelUtils.getMasterRealmAdminApplicationClientId( appRealm.getName())); RoleModel masterImpersonatorRole = adminRealmClient.getRole(ImpersonationConstants.IMPERSONATION_ROLE); masterImpersonator.grantRole(masterImpersonatorRole); } { UserModel masterBadImpersonator = manager .getSession() .users() .addUser(adminstrationRealm, "master-bad-impersonator"); masterBadImpersonator.setEnabled(true); } { UserModel impersonator = manager.getSession().users().addUser(appRealm, "impersonator"); impersonator.setEnabled(true); ClientModel appRealmClient = appRealm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID); RoleModel realmImpersonatorRole = appRealmClient.getRole(ImpersonationConstants.IMPERSONATION_ROLE); impersonator.grantRole(realmImpersonatorRole); } { UserModel impersonator = manager.getSession().users().addUser(appRealm, "realm-admin"); impersonator.setEnabled(true); ClientModel appRealmClient = appRealm.getClientByClientId(Constants.REALM_MANAGEMENT_CLIENT_ID); RoleModel realmImpersonatorRole = appRealmClient.getRole(AdminRoles.REALM_ADMIN); impersonator.grantRole(realmImpersonatorRole); } { UserModel badimpersonator = manager.getSession().users().addUser(appRealm, "bad-impersonator"); badimpersonator.setEnabled(true); } }