diff --git a/keystone/tests/test_auth.py b/keystone/tests/test_auth.py
index 7a69eda847..6371caf41f 100644
--- a/keystone/tests/test_auth.py
+++ b/keystone/tests/test_auth.py
@@ -603,7 +603,7 @@ class AuthWithTrust(AuthTest):
         self.sample_data = {'trustor_user_id': self.trustor['id'],
                             'trustee_user_id': self.trustee['id'],
                             'project_id': self.tenant_bar['id'],
-                            'impersonation': 'True',
+                            'impersonation': True,
                             'roles': [{'id': self.role_browser['id']},
                                       {'name': self.role_member['name']}]}
         expires_at = timeutils.strtime(timeutils.utcnow() +
@@ -611,7 +611,7 @@ class AuthWithTrust(AuthTest):
                                        fmt=TIME_FORMAT)
         self.create_trust(expires_at=expires_at)
 
-    def create_trust(self, expires_at=None, impersonation='True'):
+    def create_trust(self, expires_at=None, impersonation=True):
         username = self.trustor['name'],
         password = 'foo2'
         body_dict = _build_user_auth(username=username, password=password)
@@ -676,13 +676,12 @@ class AuthWithTrust(AuthTest):
             self.assertIn(role['id'], role_ids)
 
     def test_create_trust_no_impersonation(self):
-        self.create_trust(expires_at=None, impersonation='False')
+        self.create_trust(expires_at=None, impersonation=False)
         self.assertEquals(self.new_trust['trustor_user_id'],
                           self.trustor['id'])
         self.assertEquals(self.new_trust['trustee_user_id'],
                           self.trustee['id'])
-        self.assertEquals(self.new_trust['impersonation'],
-                          'False')
+        self.assertIs(self.new_trust['impersonation'], False)
         auth_response = self.fetch_v2_token_from_trust()
         token_user = auth_response['access']['user']
         self.assertEquals(token_user['id'],
@@ -690,6 +689,15 @@ class AuthWithTrust(AuthTest):
 
         # TODO(ayoung): Endpoints
 
+    def test_create_trust_impersonation(self):
+        self.create_trust(expires_at=None)
+        self.assertEqual(self.new_trust['trustor_user_id'], self.trustor['id'])
+        self.assertEqual(self.new_trust['trustee_user_id'], self.trustee['id'])
+        self.assertIs(self.new_trust['impersonation'], True)
+        auth_response = self.fetch_v2_token_from_trust()
+        token_user = auth_response['access']['user']
+        self.assertEqual(token_user['id'], self.new_trust['trustor_user_id'])
+
     def test_token_from_trust_wrong_user_fails(self):
         request_body = self.build_v2_token_request('FOO', 'foo2')
         self.assertRaises(
diff --git a/keystone/token/controllers.py b/keystone/token/controllers.py
index 8d2ce878d1..72486a1af5 100644
--- a/keystone/token/controllers.py
+++ b/keystone/token/controllers.py
@@ -181,7 +181,7 @@ class Auth(controller.V2Controller):
                 trust_ref['trustee_user_id'])
             if not trustee_user_ref['enabled']:
                 raise exception.Forbidden()()
-            if trust_ref['impersonation'] == 'True':
+            if trust_ref['impersonation'] is True:
                 current_user_ref = trustor_user_ref
             else:
                 current_user_ref = trustee_user_ref