Layer7 Access Management

Expand all | Collapse all

Impersonation Use case Question

Jump to Best Answer
  • 1.  Impersonation Use case Question

    Posted 11-29-2016 04:58 PM

    Customer wants to access/have both Impersonator and Impersonatee sessions active on the same browser at a time(meaning they will navigate back and forth between Admin application as an Admin user and End user application as End user).

     

    If I am not wrong, according to the current design you cannot get back to Impersonator’s original session unless you end impersonation session.

     

    Is it feasible to achieve this use case ? 

     

    Thanks

    Ashok



  • 2.  Re: Impersonation Use case Question
    Best Answer

    Posted 11-29-2016 05:55 PM

    I do not think this is possible.

    By design, once Impersonator impersonates another user,  Impersonatee session was created as new smsession cookie, the old smsession cookie becomes SMSAVEDSESSION cookie.
    When accessing a protected resource, the smsession will be checked or validated.
    If you access Impersonator's original resource, you should get AzReject error 403 from poliy server, which means Impersonatee does not have the rights to access it.

     

    You should always ends Impersonatee session before going back to Impersonator resource.

     

    Hongxu



  • 3.  Re: Impersonation Use case Question

    Posted 11-29-2016 06:00 PM

    It's not possible to achieve what you are looking. 



  • 4.  Re: Impersonation Use case Question

    Posted 11-30-2016 12:51 PM

    Thank you Ujwol and Hongxu.

     

    Is it a valid enhancement request, as this request came from a customer and sounds reasonable from Administrator perspective ?

     

    I understand the product feature and the methodology which SM follows to provide this feature, this might be a complete redesign of the Impersonation feature.



  • 5.  Re: Impersonation Use case Question

    Posted 11-30-2016 03:26 PM

    Hi Ashok,


    I don't think this functionality will add much value considering the amount of changes it will need in the current design.


    Client can simply open two different browser session one each for Impersonator and Imoersonatee.


    Regards,

    Ujwol



  • 6.  Re: Impersonation Use case Question

    Posted 11-30-2016 03:34 PM

    Agree. Thank you Ujwol.