fosuserbundle - Symfony impersonation - separate firewalls and separate user providers -

i have symfony application 2 firewalls, 1 admins , 1 normal users.

admin:     provider: admin     # etc  main_site:     form_login:         provider: fos_userbundle         csrf_provider: form.csrf_provider 

i'd admin users able impersonate normal users. how can this, given they're using separate firewalls , separate user providers?

there several things had work.

context key: described here, had give both firewalls same context. without this, admins taken login page when trying switch users.

config on both firewalls: had add basic switch_user configuration keys both firewalls:

switch_user:     role: role_admin 

if put config on main_site firewall, admins got access denied message when exiting impersonation , going admin page. (for example, route /admin/dashboard?_switch_user=_exit give 403).

provider key on main_site's config:

main_site:     switch_user:         role: role_admin         provider: fos_userbundle 

without this, got error "switch user failed - user@example.com not found". digging code, turned out admin user provider being used, , of course normal users couldn't found when using provider.

(provider key switch_user config discussed here.)

alternatively, have added provider key firewall itself:

main_site:     switch_user:         role: role_admin     provider: fos_userbundle 

you'll see config in question fos_userbundle specified provider form_login, not main_site whole, why wasn't being used until added it. adding in either place (impersonation config or whole firewall) trick.

here's full set of relevant config:

admin:     provider: admin     # have put basic switch_user config on both firewalls     switch_user:         role: role_admin     # both admin , main_site firewalls have same context, allow     # cross-firewall impersonation     # https://stackoverflow.com/a/17991481/328817     context: boardworks  main_site:     form_login:         provider: fos_userbundle         csrf_provider: form.csrf_provider     switch_user:         role: role_admin         # have explicitly set provider, otherwise site use admin         # user provider when looking users whom admins trying impersonate         provider: fos_userbundle     # rather adding provider above, have added here:     #provider: fos_userbundle