2 years ago

#67535

Nick

Upgraded to Keycloak 16.0 - Impersonation NOT working - Though KEYCLOAK_IDENTITY and KEYCLOAK_SESSION Cookies are created

Upgraded Keycloak from 3.4.0 to 16.0 - Impersonation NOT working - Though the KEYCLOAK_IDENTITY and KEYCLOAK_SESSION cookies are created.

I need to provide the impersonate functionality outside of the Keycloak Admin Console, very similar to the Impersonate button. What I am doing is calling the Keycloak REST API for obtaining the access_token (auth/realms/master/protocol/openid-connect/token), which is then passed into another call to impersonate the user: admin/realms/{realm}/users/{id}/impersonation. The second call is returning the redirect link with a boolean, and in the headers there are, besides others, the KEYCLOAK_SESSION and KEYCLOAK_IDENTITY cookies.

From here, after the redirect to the Login Page, the Keycloak impersonation session is NOT created; instead it just sits on the Login Page.

This endpoint creates all the required user sessions (UserSessionModel) and creates a login cookie via createLoginCookie (AuthenticationManager). After the redirection, Keycloak is not able to create an impersonated login session.

Please help me with this. Let me know if you need more details.

Here is the request (done via Angular):

```typescript
import { Headers, RequestMethod, RequestOptions, Response } from '@angular/http';
import 'rxjs/add/operator/map';
import 'rxjs/add/operator/catch';

// Calls our custom impersonation endpoint with the admin's bearer token.
impersonate(user, userName: string, representativeDetails) {
  const url = environment.BASE_URL + 'realms/master/custom/realms/REALM_NAME/users/' + userName + '/impersonation';
  const headers = new Headers();
  headers.append('Authorization', 'Bearer ' + user.adminToken);
  // Access-Control-Allow-Origin is a response header; sending it on the request has no effect.
  headers.append('Access-Control-Allow-Origin', '*');
  const options = new RequestOptions({ method: RequestMethod.Post, headers: headers });
  options.withCredentials = true; // let the browser store the Set-Cookie headers from the SSO host
  return this._http
    .post(url, JSON.stringify(representativeDetails), options)
    .map((response: Response) => response.json())
    .catch(this.handleErrorObservable);
}
```

Here is the response sent from our Java application:

```java
import java.util.Arrays;
import java.util.HashSet;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.keycloak.common.util.CollectionUtil;

// CORS headers so the Angular app on another origin can read the JSON body.
return Response.ok(result)
    .header(HttpHeaders.CONTENT_TYPE, org.keycloak.utils.MediaType.APPLICATION_JSON)
    .header("Access-Control-Allow-Origin", origin)
    .header("Access-Control-Allow-Methods", CollectionUtil.join(new HashSet<>(Arrays.asList("GET", "PUT", "POST", "DELETE"))))
    .header("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Access-Control-Allow-Origin")
    .header("Access-Control-Max-Age", 1234)
    .header("Access-Control-Allow-Credentials", true)
    // With credentials, browsers treat "*" as a literal header name, not a wildcard; Set-Cookie is never exposed to JS anyway.
    .header("Access-Control-Expose-Headers", "*")
    .build();
```

Below is what I copied from my browser, where we can see all the request and response headers.

**Response Headers**

access-control-allow-headers: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Access-Control-Allow-Origin
access-control-allow-methods: DELETE, POST, GET, PUT
access-control-allow-origin: https://DOMAINNAME.COM
access-control-expose-headers: *
access-control-max-age: 1234
cache-control: NO-CACHE
content-length: 108
content-type: application/json
date: Fri, 28 Jan 2022 20:31:19 GMT
p3p: CP="This is not a P3P policy!"
pragma: NO-CACHE
referrer-policy: no-referrer
set-cookie: KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiIsInXXXXXXX--------tm_sC4lnc; Version=1; Path=/; SameSite=None; Secure; HttpOnly
set-cookie: KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiIsInXXXXXXX--------tm_sC4lnc; Version=1; Path=/; Secure; HttpOnly
set-cookie: KEYCLOAK_SESSION=REALM_NAME/065ec370-e803-4351-9a06; Version=1; Expires=Mon, 07-Feb-2022 20:31:19 GMT; Max-Age=864000; Path=/; SameSite=None; Secure
set-cookie: KEYCLOAK_SESSION_LEGACY=REALM_NAME/065ec370-e803-4351-9a06; Version=1; Expires=Mon, 07-Feb-2022 20:31:19 GMT; Max-Age=864000; Path=/; Secure
set-cookie: AUTH_SESSION_ID=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/; Secure; HttpOnly
set-cookie: KC_RESTART=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/; Secure; HttpOnly
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

**Request Headers**

:authority: SSO_BASE_URL.COM
:method: POST
:path: /auth/realms/master/custom/realms/REALM_NAME/users/USER_ID/impersonation
:scheme: https
accept: application/json, text/plain, */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9,hi;q=0.8,en-IN;q=0.7
access-control-allow-origin: *
authorization: Bearer TOKEN_TOKEN_TOKEN
cache-control: no-cache
content-length: 36
content-type: application/json
cookie: AUTH_SESSION_ID=d1d12d09-3; AUTH_SESSION_ID_LEGACY=d1d12d09-3; KEYCLOAK_SESSION=master/eda99620-92e2-4; KEYCLOAK_SESSION_LEGACY=master/eda99620-92e2-4; KEYCLOAK_IDENTITY=eyJhbGciOiJIUzI1NiI------------; KEYCLOAK_IDENTITY_LEGACY=eyJhbGciOiJIUzI1NiI------------; LanguageDisplayDirection=ltr; SplashScreen=false; cookiebanner=false
origin: https://DOMAINNAME.COM
pragma: no-cache
referer: https://DOMAINNAME.COM/
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36

https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java (Create Login Cookie)

https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java

Tags: authentication, keycloak, impersonation, keycloak-services, keycloak-rest-api

0 Answers
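As an added diagnostic (not code from the question or from Keycloak), this script parses Set-Cookie lines like the ones pasted above and reports what the impersonation response does to the cookies the browser already held: cookies it clears, cookies it overwrites under the same name and Path=/ (noting when the realm prefix changes from the admin's master realm), and SameSite=None cookies missing Secure, which browsers reject. The sample values are constructed placeholders shortened from the question.

```python
from typing import Dict, List

# Constructed sample based on the headers pasted above; values are placeholders.
RESPONSE_SET_COOKIES = [
    "KEYCLOAK_IDENTITY=eyJ...; Version=1; Path=/; SameSite=None; Secure; HttpOnly",
    "KEYCLOAK_SESSION=REALM_NAME/065ec370; Version=1; Max-Age=864000; Path=/; SameSite=None; Secure",
    "AUTH_SESSION_ID=; Version=1; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Max-Age=0; Path=/; Secure; HttpOnly",
    "KC_RESTART=; Version=1; Max-Age=0; Path=/; Secure; HttpOnly",
]
# Cookies the browser already held for the admin's master-realm session.
REQUEST_COOKIE_HEADER = (
    "AUTH_SESSION_ID=d1d12d09; KEYCLOAK_SESSION=master/eda99620; "
    "KEYCLOAK_IDENTITY=eyJ...; SplashScreen=false"
)


def parse_set_cookie(line: str) -> dict:
    """Split one Set-Cookie value into name, value and a lowercase attribute map."""
    first, *attrs = [part.strip() for part in line.split(";")]
    name, _, value = first.partition("=")
    attr_map: Dict[str, str] = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        attr_map[key.strip().lower()] = val.strip()
    return {"name": name, "value": value, "attrs": attr_map}


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Turn a request Cookie header into {name: value}."""
    pairs = (p.strip().partition("=") for p in header.split(";"))
    return {name: value for name, _, value in pairs if name}


def audit(set_cookies: List[str], cookie_header: str) -> List[str]:
    """Report what the response does to the cookies the browser already sent."""
    sent = parse_cookie_header(cookie_header)
    findings: List[str] = []
    for cookie in map(parse_set_cookie, set_cookies):
        name, value, attrs = cookie["name"], cookie["value"], cookie["attrs"]
        if attrs.get("max-age") == "0":
            findings.append(f"cleared: {name}")
        elif name in sent:
            # Same name and Path=/ means the new cookie replaces the admin's one;
            # Keycloak prefixes KEYCLOAK_SESSION with the realm it belongs to.
            old_realm, new_realm = sent[name].split("/")[0], value.split("/")[0]
            suffix = " (realm prefix changed)" if "/" in sent[name] and old_realm != new_realm else ""
            findings.append(f"overwrites: {name}{suffix}")
        if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
            findings.append(f"browser will reject {name}: SameSite=None without Secure")
    return findings
```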
